// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Snapshot 1`] = ` { "Outputs": { "apiELTIApiEndpoint88D0375C": { "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "apiELTIApiA792B265", }, ".execute-api.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/", ], ], }, }, "apiELTIConfigApiEndpointEE844320": { "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "apiELTIConfigApiFA21C666", }, ".execute-api.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "apiELTIConfigApiDeploymentStageprod89685E06", }, "/", ], ], }, }, "apiELTIControlPlaneURI5387E677": { "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "apiELTIConfigApiFA21C666", }, ".execute-api.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "apiELTIConfigApiDeploymentStageprod89685E06", }, "/", ], ], }, }, "apiELTIURIED391A79": { "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "apiELTIApiA792B265", }, ".execute-api.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/", ], ], }, }, "keysELTIKeyIdA061D8A3": { "Value": { "Ref": "keysltiAsymmetricKeyFE868879", }, }, "tablesELTIControlPlaneTable05104AEE": { "Value": { "Ref": "tablescontrolPlaneTable49F703D0", }, }, "tablesELTIDataTableE568C4E0": { "Value": { "Ref": "tablesdataPlaneTable57BF29C7", }, }, }, "Parameters": { "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, "certificateArn": { "Default": "", "Description": "ACM Certificate Arn", "Type": "String", }, "r53HostedZoneId": { "Default": "", "Description": "Route53 hosted zone id", "Type": "String", }, "r53HostedZoneName": { "Default": "", "Description": "Route53 hosted zone name", "Type": "String", }, "subDomainName": { "Default": "", "Description": "Custom sub-domain name for ELTI APIGW", "Type": "String", }, }, "Resources": { "EltiConfigWebACLAssociation": { "Properties": { "ResourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, "::/restapis/", { "Ref": "apiELTIConfigApiFA21C666", }, "/stages/", { "Ref": "apiELTIConfigApiDeploymentStageprod89685E06", }, ], ], }, "WebACLArn": { "Fn::GetAtt": [ "eltiWafBase", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "EltiWebACLAssociation": { "Properties": { "ResourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, "::/restapis/", { "Ref": "apiELTIApiA792B265", }, "/stages/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, ], ], }, "WebACLArn": { "Fn::GetAtt": [ "eltiWafBase", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { "DependsOn": [ "lambdasltiOidcLogRetentionRoleDefaultPolicy7B838846", "lambdasltiOidcLogRetentionRoleF898250A", ], "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "eb5b005c858404ea0c8f68098ed5dcdf5340e02461f149751d10f59c210d5ef8.zip", }, "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "lambdasltiOidcLogRetentionRoleF898250A", "Arn", ], }, "Runtime": "nodejs14.x", }, "Type": "AWS::Lambda::Function", }, "apiAccessLogsE8DA0A02": { "DeletionPolicy": "Retain", "Properties": { "RetentionInDays": 3653, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "apiELTIApiA792B265": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Name": "ELTIApi", "Policy": { "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": "execute-api:/*/POST/scoreSubmission", }, { "Action": "execute-api:Invoke", "Effect": "Allow", "Principal": "*", "Resource": "execute-api:/*/POST/deepLinkingProxy", }, { "Action": "execute-api:Invoke", "Effect": "Allow", "Principal": "*", "Resource": [ "execute-api:/*/*/login", "execute-api:/*/*/launch", "execute-api:/*/*/jwks.json", ], }, { "Action": "execute-api:Invoke", "Effect": "Allow", "Principal": { "AWS": "*", }, "Resource": [ "execute-api:/*/GET/authorizerProxy", "execute-api:/*/POST/tokenProxy", ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::ApiGateway::RestApi", }, "apiELTIApiAccount24D4F740": { "DeletionPolicy": "Retain", "DependsOn": [ "apiELTIApiA792B265", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "apiELTIApiCloudWatchRole15503B4E", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "apiELTIApiCloudWatchRole15503B4E": { "DeletionPolicy": "Retain", "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "apiELTIApiDeploymentE5E04DBA9ba6b5578e79d92d91aee4126de451ea": { "DependsOn": [ "apiELTIApiauthorizerProxyGETB536CE11", "apiELTIApiauthorizerProxy7A5A1CC9", "apiELTIApideepLinkingProxyPOST0A47F6D2", "apiELTIApideepLinkingProxy3C55EEA9", "apiELTIApijwksjsonGETE757431B", "apiELTIApijwksjson03E9176C", "apiELTIApilaunchGETD62DF8AF", "apiELTIApilaunchPOSTC265D3A3", "apiELTIApilaunch8E6D3031", "apiELTIApiloginGET11FD9B6C", "apiELTIApiloginPOST7A347EDB", "apiELTIApilogin45BDD80F", "apiELTIApiOPTIONS844F69E5", "apiELTIApiscoreSubmissionPOST816C45CF", "apiELTIApiscoreSubmission1718D13B", "apiELTIApitokenProxyPOSTA5640BB9", "apiELTIApitokenProxy8E31FDAF", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Description": "Automatically created by the RestApi construct", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Deployment", }, "apiELTIApiDeploymentStageprod2D274CC9": { "DependsOn": [ "apiELTIApiAccount24D4F740", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AccessLogSetting": { "DestinationArn": { "Fn::GetAtt": [ "apiAccessLogsE8DA0A02", "Arn", ], }, "Format": "{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","user":"$context.identity.user","caller":"$context.identity.caller","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength"}", }, "DeploymentId": { "Ref": "apiELTIApiDeploymentE5E04DBA9ba6b5578e79d92d91aee4126de451ea", }, "MethodSettings": [ { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "MetricsEnabled": true, "ResourcePath": "/*", }, ], "RestApiId": { "Ref": "apiELTIApiA792B265", }, "StageName": "prod", "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, "apiELTIApiOPTIONS844F69E5": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "Integration": { "IntegrationResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Methods": "'GET,PUT'", "method.response.header.Access-Control-Allow-Origin": "'*'", }, "StatusCode": "204", }, ], "RequestTemplates": { "application/json": "{ statusCode: 200 }", }, "Type": "MOCK", }, "MethodResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true, "method.response.header.Access-Control-Allow-Origin": true, }, "StatusCode": "204", }, ], "ResourceId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApiauthorizerProxy7A5A1CC9": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "PathPart": "authorizerProxy", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIApiauthorizerProxyGETApiPermissionTesttestapiELTIApi6BB5DB92GETauthorizerProxy219971D2": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasauthorizerProxy06FC2F8A", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/GET/authorizerProxy", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApiauthorizerProxyGETApiPermissiontestapiELTIApi6BB5DB92GETauthorizerProxyA1FC7208": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasauthorizerProxy06FC2F8A", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/GET/authorizerProxy", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApiauthorizerProxyGETB536CE11": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasauthorizerProxy06FC2F8A", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApiauthorizerProxy7A5A1CC9", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApideepLinkingProxy3C55EEA9": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "PathPart": "deepLinkingProxy", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIApideepLinkingProxyPOST0A47F6D2": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "POST", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasdeepLinkingProxy6C034861", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApideepLinkingProxy3C55EEA9", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApideepLinkingProxyPOSTApiPermissionTesttestapiELTIApi6BB5DB92POSTdeepLinkingProxy15A4FD6E": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasdeepLinkingProxy6C034861", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/POST/deepLinkingProxy", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApideepLinkingProxyPOSTApiPermissiontestapiELTIApi6BB5DB92POSTdeepLinkingProxyF4C632C5": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasdeepLinkingProxy6C034861", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/POST/deepLinkingProxy", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApijwksjson03E9176C": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "PathPart": "jwks.json", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIApijwksjsonGETApiPermissionTesttestapiELTIApi6BB5DB92GETjwksjsonEF11F1CF": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiJwksC1ADFCB8", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/GET/jwks.json", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApijwksjsonGETApiPermissiontestapiELTIApi6BB5DB92GETjwksjson87C3EDAE": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiJwksC1ADFCB8", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/GET/jwks.json", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApijwksjsonGETE757431B": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasltiJwksC1ADFCB8", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApijwksjson03E9176C", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApilaunch8E6D3031": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "PathPart": "launch", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIApilaunchGETApiPermissionTesttestapiELTIApi6BB5DB92GETlaunchC73BAEEC": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiLaunch4A18F0B1", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/GET/launch", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApilaunchGETApiPermissiontestapiELTIApi6BB5DB92GETlaunch2E2CDD8B": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiLaunch4A18F0B1", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/GET/launch", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApilaunchGETD62DF8AF": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasltiLaunch4A18F0B1", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApilaunch8E6D3031", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApilaunchPOSTApiPermissionTesttestapiELTIApi6BB5DB92POSTlaunch0158F349": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiLaunch4A18F0B1", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/POST/launch", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApilaunchPOSTApiPermissiontestapiELTIApi6BB5DB92POSTlaunch482E37F3": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiLaunch4A18F0B1", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/POST/launch", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApilaunchPOSTC265D3A3": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "POST", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasltiLaunch4A18F0B1", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApilaunch8E6D3031", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApilogin45BDD80F": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "PathPart": "login", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIApiloginGET11FD9B6C": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "GET", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasltiOidcFA92D3C4", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApilogin45BDD80F", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApiloginGETApiPermissionTesttestapiELTIApi6BB5DB92GETlogin6A793C7D": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiOidcFA92D3C4", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/GET/login", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApiloginGETApiPermissiontestapiELTIApi6BB5DB92GETlogin688A294E": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiOidcFA92D3C4", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/GET/login", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApiloginPOST7A347EDB": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "POST", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasltiOidcFA92D3C4", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApilogin45BDD80F", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApiloginPOSTApiPermissionTesttestapiELTIApi6BB5DB92POSTlogin84FB4D4E": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiOidcFA92D3C4", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/POST/login", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApiloginPOSTApiPermissiontestapiELTIApi6BB5DB92POSTlogin3B6D1B70": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiOidcFA92D3C4", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/POST/login", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApiscoreSubmission1718D13B": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "PathPart": "scoreSubmission", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIApiscoreSubmissionPOST816C45CF": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "AWS_IAM", "HttpMethod": "POST", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasscoreSubmission63FC62E4", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApiscoreSubmission1718D13B", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApiscoreSubmissionPOSTApiPermissionTesttestapiELTIApi6BB5DB92POSTscoreSubmission1D97238C": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasscoreSubmission63FC62E4", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/POST/scoreSubmission", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApiscoreSubmissionPOSTApiPermissiontestapiELTIApi6BB5DB92POSTscoreSubmission546DE201": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasscoreSubmission63FC62E4", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/POST/scoreSubmission", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApitokenProxy8E31FDAF": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIApiA792B265", "RootResourceId", ], }, "PathPart": "tokenProxy", "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIApitokenProxyPOSTA5640BB9": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "POST", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdastokenProxy38E950E5", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIApitokenProxy8E31FDAF", }, "RestApiId": { "Ref": "apiELTIApiA792B265", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIApitokenProxyPOSTApiPermissionTesttestapiELTIApi6BB5DB92POSTtokenProxyCB865F12": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdastokenProxy38E950E5", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/test-invoke-stage/POST/tokenProxy", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIApitokenProxyPOSTApiPermissiontestapiELTIApi6BB5DB92POSTtokenProxyF6E5B6F4": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI validation.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTI resources as it enforces auth inside lambdas.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdastokenProxy38E950E5", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIApiA792B265", }, "/", { "Ref": "apiELTIApiDeploymentStageprod2D274CC9", }, "/POST/tokenProxy", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIConfigApiAccount3E94C309": { "DeletionPolicy": "Retain", "DependsOn": [ "apiELTIConfigApiFA21C666", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "apiELTIConfigApiCloudWatchRole3A6ECB08", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "apiELTIConfigApiCloudWatchRole3A6ECB08": { "DeletionPolicy": "Retain", "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "apiELTIConfigApiDeploymentD7D043C105fe0cc36587094a438cf68769b29dc0": { "DependsOn": [ "apiELTIConfigApiOPTIONS928634A9", "apiELTIConfigApiplatformPOSTED8FE0A7", "apiELTIConfigApiplatformAB0B3D5F", "apiELTIConfigApitoolPOST623B64FE", "apiELTIConfigApitoolC6EAD11B", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "Description": "Automatically created by the RestApi construct", "RestApiId": { "Ref": "apiELTIConfigApiFA21C666", }, }, "Type": "AWS::ApiGateway::Deployment", }, "apiELTIConfigApiDeploymentStageprod89685E06": { "DependsOn": [ "apiELTIConfigApiAccount3E94C309", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "AccessLogSetting": { "DestinationArn": { "Fn::GetAtt": [ "apiAccessLogsE8DA0A02", "Arn", ], }, "Format": "{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","user":"$context.identity.user","caller":"$context.identity.caller","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength"}", }, "DeploymentId": { "Ref": "apiELTIConfigApiDeploymentD7D043C105fe0cc36587094a438cf68769b29dc0", }, "MethodSettings": [ { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "MetricsEnabled": true, "ResourcePath": "/*", }, ], "RestApiId": { "Ref": "apiELTIConfigApiFA21C666", }, "StageName": "prod", "TracingEnabled": true, }, "Type": "AWS::ApiGateway::Stage", }, "apiELTIConfigApiFA21C666": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "Name": "ELTIConfigApi", "Policy": { "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": [ "execute-api:/*/*/platform", "execute-api:/*/*/tool", ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::ApiGateway::RestApi", }, "apiELTIConfigApiOPTIONS928634A9": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "Integration": { "IntegrationResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Methods": "'GET,PUT'", "method.response.header.Access-Control-Allow-Origin": "'*'", }, "StatusCode": "204", }, ], "RequestTemplates": { "application/json": "{ statusCode: 200 }", }, "Type": "MOCK", }, "MethodResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Methods": true, "method.response.header.Access-Control-Allow-Origin": true, }, "StatusCode": "204", }, ], "ResourceId": { "Fn::GetAtt": [ "apiELTIConfigApiFA21C666", "RootResourceId", ], }, "RestApiId": { "Ref": "apiELTIConfigApiFA21C666", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIConfigApiplatformAB0B3D5F": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIConfigApiFA21C666", "RootResourceId", ], }, "PathPart": "platform", "RestApiId": { "Ref": "apiELTIConfigApiFA21C666", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIConfigApiplatformPOSTApiPermissionTesttestapiELTIConfigApi4555AB28POSTplatformCCE1AFAD": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiPlatformRegister68BD8997", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIConfigApiFA21C666", }, "/test-invoke-stage/POST/platform", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIConfigApiplatformPOSTApiPermissiontestapiELTIConfigApi4555AB28POSTplatformECBF9060": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiPlatformRegister68BD8997", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIConfigApiFA21C666", }, "/", { "Ref": "apiELTIConfigApiDeploymentStageprod89685E06", }, "/POST/platform", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIConfigApiplatformPOSTED8FE0A7": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "AuthorizationType": "AWS_IAM", "HttpMethod": "POST", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasltiPlatformRegister68BD8997", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIConfigApiplatformAB0B3D5F", }, "RestApiId": { "Ref": "apiELTIConfigApiFA21C666", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIConfigApitoolC6EAD11B": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "ParentId": { "Fn::GetAtt": [ "apiELTIConfigApiFA21C666", "RootResourceId", ], }, "PathPart": "tool", "RestApiId": { "Ref": "apiELTIConfigApiFA21C666", }, }, "Type": "AWS::ApiGateway::Resource", }, "apiELTIConfigApitoolPOST623B64FE": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "AuthorizationType": "AWS_IAM", "HttpMethod": "POST", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":apigateway:", { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "lambdasltiToolConfigAF290814", "Arn", ], }, "/invocations", ], ], }, }, "ResourceId": { "Ref": "apiELTIConfigApitoolC6EAD11B", }, "RestApiId": { "Ref": "apiELTIConfigApiFA21C666", }, }, "Type": "AWS::ApiGateway::Method", }, "apiELTIConfigApitoolPOSTApiPermissionTesttestapiELTIConfigApi4555AB28POSTtoolDFAB3C3D": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiToolConfigAF290814", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIConfigApiFA21C666", }, "/test-invoke-stage/POST/tool", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "apiELTIConfigApitoolPOSTApiPermissiontestapiELTIConfigApi4555AB28POSTtool894C4B87": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Suppress all AwsSolutions-IAM4 findings on apiLTI for AmazonAPIGatewayPushToCloudWatchLogs.", }, { "id": "AwsSolutions-APIG2", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane validation.", }, { "id": "AwsSolutions-APIG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource.", }, { "id": "AwsSolutions-COG4", "reason": "Suppress all AwsSolutions-APIG2 findings on apiLTIControlPlane resource does not use cognito authorizer.", }, ], }, }, "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "lambdasltiToolConfigAF290814", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":execute-api:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":", { "Ref": "apiELTIConfigApiFA21C666", }, "/", { "Ref": "apiELTIConfigApiDeploymentStageprod89685E06", }, "/POST/tool", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "eltiWafBase": { "Properties": { "DefaultAction": { "Allow": {}, }, "Description": "Basic protection for ELTI APIGW endpoints.", "Rules": [ { "Name": "AWSManagedRulesCommonRuleSet", "OverrideAction": { "None": {}, }, "Priority": 0, "Statement": { "ManagedRuleGroupStatement": { "Name": "AWSManagedRulesCommonRuleSet", "RuleActionOverrides": [ { "ActionToUse": { "Allow": {}, }, "Name": "SizeRestrictions_QUERYSTRING", }, { "ActionToUse": { "Allow": {}, }, "Name": "SizeRestrictions_Cookie_HEADER", }, { "ActionToUse": { "Allow": {}, }, "Name": "SizeRestrictions_URIPATH", }, { "ActionToUse": { "Allow": {}, }, "Name": "SizeRestrictions_BODY", }, ], "VendorName": "AWS", }, }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "ELTIAPIWebACL-CRS", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "ELTIAPIWebACL", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "keysltiAsymmetricKeyAliasEA5232E2": { "Properties": { "AliasName": "alias/ltiAsymmetricKey", "TargetKeyId": { "Fn::GetAtt": [ "keysltiAsymmetricKeyFE868879", "Arn", ], }, }, "Type": "AWS::KMS::Alias", }, "keysltiAsymmetricKeyFE868879": { "DeletionPolicy": "Delete", "Properties": { "Description": "KMS key for signing and verification of JSON Web Tokens (JWT)", "EnableKeyRotation": false, "KeyPolicy": { "Statement": [ { "Action": "kms:*", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, "KeySpec": "RSA_2048", "KeyUsage": "SIGN_VERIFY", "PendingWindowInDays": 7, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Delete", }, "lambdasauthorizerProxy06FC2F8A": { "DependsOn": [ "lambdasauthorizerProxyLogRetentionPolicyAFCAC745", "lambdasauthorizerProxyRoleDefaultPolicy285BFA17", "lambdasauthorizerProxyRole5A1F7C54", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "acebb000645e43a1d1e998a83872773d084c29358c026e47da5d0955738c29f7.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "DATA_PLANE_TABLE_NAME": { "Ref": "tablesdataPlaneTable57BF29C7", }, "KMS_KEY_ID": { "Ref": "keysltiAsymmetricKeyFE868879", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "authorizerProxy", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasauthorizerProxyRole5A1F7C54", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasauthorizerProxyLogRetention33D9799B": { "DependsOn": [ "lambdasauthorizerProxyLogRetentionPolicyAFCAC745", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasauthorizerProxy06FC2F8A", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasauthorizerProxyLogRetentionPolicyAFCAC745": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasauthorizerProxyLogRetentionRole43E8C095", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasauthorizerProxyLogRetentionRole43E8C095": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasauthorizerProxyPolicy1FB89040": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasauthorizerProxyLogRetention33D9799B", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasauthorizerProxyRole5A1F7C54", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasauthorizerProxyRole5A1F7C54": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasauthorizerProxyRoleDefaultPolicy285BFA17": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablesdataPlaneTable57BF29C7", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasauthorizerProxyRoleDefaultPolicy285BFA17", "Roles": [ { "Ref": "lambdasauthorizerProxyRole5A1F7C54", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdasdeepLinkingProxy6C034861": { "DependsOn": [ "lambdasdeepLinkingProxyLogRetentionPolicyAD1076B6", "lambdasdeepLinkingProxyRoleDefaultPolicyD95D557A", "lambdasdeepLinkingProxyRole73AD3815", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "7afaea21f0a09d1bafca680d84bfbc7a12f6a56331e4f2e5388099e4644b1bd6.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "CONTROL_PLANE_TABLE_NAME": { "Ref": "tablescontrolPlaneTable49F703D0", }, "DATA_PLANE_TABLE_NAME": { "Ref": "tablesdataPlaneTable57BF29C7", }, "KMS_KEY_ID": { "Ref": "keysltiAsymmetricKeyFE868879", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "deepLinkingProxy", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasdeepLinkingProxyRole73AD3815", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasdeepLinkingProxyLogRetention8EF2EEF7": { "DependsOn": [ "lambdasdeepLinkingProxyLogRetentionPolicyAD1076B6", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasdeepLinkingProxy6C034861", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasdeepLinkingProxyLogRetentionPolicyAD1076B6": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasdeepLinkingProxyLogRetentionRoleF39563F1", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasdeepLinkingProxyLogRetentionRoleF39563F1": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasdeepLinkingProxyPolicyE30517CC": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasdeepLinkingProxyLogRetention8EF2EEF7", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasdeepLinkingProxyRole73AD3815", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasdeepLinkingProxyRole73AD3815": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasdeepLinkingProxyRoleDefaultPolicyD95D557A": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablescontrolPlaneTable49F703D0", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablesdataPlaneTable57BF29C7", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "kms:Verify", "kms:GetPublicKey", "kms:Sign", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "keysltiAsymmetricKeyFE868879", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasdeepLinkingProxyRoleDefaultPolicyD95D557A", "Roles": [ { "Ref": "lambdasdeepLinkingProxyRole73AD3815", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdaslayerUtilF24D5864": { "Properties": { "CompatibleRuntimes": [ "nodejs18.x", ], "Content": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e7081ef9ec3b08f8460d230e5f0985acf8ffc59d73f43732aa530f4203ee818a.zip", }, "Description": "LTI utility functions", }, "Type": "AWS::Lambda::LayerVersion", }, "lambdasltiJwksC1ADFCB8": { "DependsOn": [ "lambdasltiJwksLogRetentionPolicy87F4CEDA", "lambdasltiJwksRoleDefaultPolicy4676E133", "lambdasltiJwksRole046B1089", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "5f6c9c3465ee1d8f44930a9abb343a50836ebb61e79c709a1f868c1e1d0bc594.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "CONTROL_PLANE_TABLE_NAME": { "Ref": "tablescontrolPlaneTable49F703D0", }, "KMS_KEY_ID": { "Ref": "keysltiAsymmetricKeyFE868879", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "jwks", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasltiJwksRole046B1089", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasltiJwksLogRetentionEB820CAC": { "DependsOn": [ "lambdasltiJwksLogRetentionPolicy87F4CEDA", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasltiJwksC1ADFCB8", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasltiJwksLogRetentionPolicy87F4CEDA": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiJwksLogRetentionRole54C054A5", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiJwksLogRetentionRole54C054A5": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiJwksPolicyB1C10E03": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasltiJwksLogRetentionEB820CAC", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiJwksRole046B1089", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiJwksRole046B1089": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiJwksRoleDefaultPolicy4676E133": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablescontrolPlaneTable49F703D0", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "kms:Verify", "kms:GetPublicKey", "kms:Sign", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "keysltiAsymmetricKeyFE868879", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasltiJwksRoleDefaultPolicy4676E133", "Roles": [ { "Ref": "lambdasltiJwksRole046B1089", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdasltiLaunch4A18F0B1": { "DependsOn": [ "lambdasltiLaunchLogRetentionPolicyA91F9783", "lambdasltiLaunchRoleDefaultPolicy09ACD7A4", "lambdasltiLaunchRole34FBA536", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "11f79f5eaf629412200cdf6824ea458dd964564772f6728307c59fc6034595b6.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "CONTROL_PLANE_TABLE_NAME": { "Ref": "tablescontrolPlaneTable49F703D0", }, "DATA_PLANE_TABLE_NAME": { "Ref": "tablesdataPlaneTable57BF29C7", }, "KMS_KEY_ID": { "Ref": "keysltiAsymmetricKeyFE868879", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "launch", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasltiLaunchRole34FBA536", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasltiLaunchLogRetention27246C34": { "DependsOn": [ "lambdasltiLaunchLogRetentionPolicyA91F9783", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasltiLaunch4A18F0B1", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasltiLaunchLogRetentionPolicyA91F9783": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiLaunchLogRetentionRole44DAC9E8", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiLaunchLogRetentionRole44DAC9E8": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiLaunchPolicy8319A15D": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasltiLaunchLogRetention27246C34", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiLaunchRole34FBA536", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiLaunchRole34FBA536": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiLaunchRoleDefaultPolicy09ACD7A4": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablescontrolPlaneTable49F703D0", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablesdataPlaneTable57BF29C7", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "kms:Verify", "kms:GetPublicKey", "kms:Sign", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "keysltiAsymmetricKeyFE868879", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasltiLaunchRoleDefaultPolicy09ACD7A4", "Roles": [ { "Ref": "lambdasltiLaunchRole34FBA536", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdasltiOidcFA92D3C4": { "DependsOn": [ "lambdasltiOidcLogRetentionPolicy675CD70E", "lambdasltiOidcRoleDefaultPolicyFC31BF66", "lambdasltiOidcRole4647658A", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "6d36685fcc07cd7440b8566ac2ab1a30a2e586e61a54b5d96775d1491b661c94.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "CONTROL_PLANE_TABLE_NAME": { "Ref": "tablescontrolPlaneTable49F703D0", }, "DATA_PLANE_TABLE_NAME": { "Ref": "tablesdataPlaneTable57BF29C7", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "oidc", "STATE_TTL": "7200", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasltiOidcRole4647658A", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasltiOidcLogRetentionD7D05676": { "DependsOn": [ "lambdasltiOidcLogRetentionPolicy675CD70E", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasltiOidcFA92D3C4", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasltiOidcLogRetentionPolicy675CD70E": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiOidcLogRetentionRoleF898250A", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiOidcLogRetentionRoleDefaultPolicy7B838846": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasltiOidcLogRetentionRoleDefaultPolicy7B838846", "Roles": [ { "Ref": "lambdasltiOidcLogRetentionRoleF898250A", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdasltiOidcLogRetentionRoleF898250A": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiOidcPolicy6BB27287": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasltiOidcLogRetentionD7D05676", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiOidcRole4647658A", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiOidcRole4647658A": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiOidcRoleDefaultPolicyFC31BF66": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablescontrolPlaneTable49F703D0", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablesdataPlaneTable57BF29C7", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasltiOidcRoleDefaultPolicyFC31BF66", "Roles": [ { "Ref": "lambdasltiOidcRole4647658A", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdasltiPlatformRegister68BD8997": { "DependsOn": [ "lambdasltiPlatformRegisterLogRetentionPolicyEBDD566E", "lambdasltiPlatformRegisterRoleDefaultPolicy49692446", "lambdasltiPlatformRegisterRoleF4E57286", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "b90eec1f09fd904728431103e196b240387cdcc588895e21ffce0b81d577adb9.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "CONTROL_PLANE_TABLE_NAME": { "Ref": "tablescontrolPlaneTable49F703D0", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "platformRegister", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasltiPlatformRegisterRoleF4E57286", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasltiPlatformRegisterLogRetentionF6EEEEE5": { "DependsOn": [ "lambdasltiPlatformRegisterLogRetentionPolicyEBDD566E", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasltiPlatformRegister68BD8997", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasltiPlatformRegisterLogRetentionPolicyEBDD566E": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiPlatformRegisterLogRetentionRole7B395F04", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiPlatformRegisterLogRetentionRole7B395F04": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiPlatformRegisterPolicy522AAB89": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasltiPlatformRegisterLogRetentionF6EEEEE5", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiPlatformRegisterRoleF4E57286", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiPlatformRegisterRoleDefaultPolicy49692446": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablescontrolPlaneTable49F703D0", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasltiPlatformRegisterRoleDefaultPolicy49692446", "Roles": [ { "Ref": "lambdasltiPlatformRegisterRoleF4E57286", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdasltiPlatformRegisterRoleF4E57286": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiToolConfigAF290814": { "DependsOn": [ "lambdasltiToolConfigLogRetentionPolicy92FC99A7", "lambdasltiToolConfigRoleDefaultPolicy1FA19060", "lambdasltiToolConfigRoleF95D8DE7", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "2be39fe7e3afea2bbc9872198fc4b490ace89e51588f907e1b2c3020730d62fc.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "CONTROL_PLANE_TABLE_NAME": { "Ref": "tablescontrolPlaneTable49F703D0", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "toolConfig", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasltiToolConfigRoleF95D8DE7", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasltiToolConfigLogRetention1CF42CE6": { "DependsOn": [ "lambdasltiToolConfigLogRetentionPolicy92FC99A7", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasltiToolConfigAF290814", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasltiToolConfigLogRetentionPolicy92FC99A7": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiToolConfigLogRetentionRole320F4264", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiToolConfigLogRetentionRole320F4264": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasltiToolConfigPolicy36AE0028": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasltiToolConfigLogRetention1CF42CE6", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasltiToolConfigRoleF95D8DE7", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasltiToolConfigRoleDefaultPolicy1FA19060": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablescontrolPlaneTable49F703D0", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasltiToolConfigRoleDefaultPolicy1FA19060", "Roles": [ { "Ref": "lambdasltiToolConfigRoleF95D8DE7", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdasltiToolConfigRoleF95D8DE7": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasscoreSubmission63FC62E4": { "DependsOn": [ "lambdasscoreSubmissionLogRetentionPolicy2BB71258", "lambdasscoreSubmissionRoleDefaultPolicy9C9198AC", "lambdasscoreSubmissionRoleCE1A9D7C", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "3c62f0cbbb12094f9c2db2e7f9f38227cf2a4f79c9a5942ce45764dd0b680bba.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "CONTROL_PLANE_TABLE_NAME": { "Ref": "tablescontrolPlaneTable49F703D0", }, "DATA_PLANE_TABLE_NAME": { "Ref": "tablesdataPlaneTable57BF29C7", }, "KMS_KEY_ID": { "Ref": "keysltiAsymmetricKeyFE868879", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "scoreSubmission", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdasscoreSubmissionRoleCE1A9D7C", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdasscoreSubmissionLogRetentionB8AA2124": { "DependsOn": [ "lambdasscoreSubmissionLogRetentionPolicy2BB71258", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdasscoreSubmission63FC62E4", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdasscoreSubmissionLogRetentionPolicy2BB71258": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasscoreSubmissionLogRetentionRole968BE2EA", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasscoreSubmissionLogRetentionRole968BE2EA": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasscoreSubmissionPolicyAFDABE08": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdasscoreSubmissionLogRetentionB8AA2124", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdasscoreSubmissionRoleCE1A9D7C", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdasscoreSubmissionRoleCE1A9D7C": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdasscoreSubmissionRoleDefaultPolicy9C9198AC": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablescontrolPlaneTable49F703D0", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablesdataPlaneTable57BF29C7", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "kms:Verify", "kms:GetPublicKey", "kms:Sign", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "keysltiAsymmetricKeyFE868879", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "lambdasscoreSubmissionRoleDefaultPolicy9C9198AC", "Roles": [ { "Ref": "lambdasscoreSubmissionRoleCE1A9D7C", }, ], }, "Type": "AWS::IAM::Policy", }, "lambdastokenProxy38E950E5": { "DependsOn": [ "lambdastokenProxyLogRetentionPolicy7A964B11", "lambdastokenProxyRoleDefaultPolicyB9910994", "lambdastokenProxyRole47CD04F8", ], "Properties": { "Architectures": [ "arm64", ], "Code": { "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "8a10574186a9176a9649517f8537ce6088d1682e839886778a407c35f7e3a9ac.zip", }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "DATA_PLANE_TABLE_NAME": { "Ref": "tablesdataPlaneTable57BF29C7", }, "KMS_KEY_ID": { "Ref": "keysltiAsymmetricKeyFE868879", }, "LOG_LEVEL": "debug", "POWERTOOLS_METRICS_NAMESPACE": "lti", "POWERTOOLS_SERVICE_NAME": "tokenProxy", }, }, "Handler": "index.handler", "Layers": [ { "Ref": "lambdaslayerUtilF24D5864", }, ], "MemorySize": 256, "Role": { "Fn::GetAtt": [ "lambdastokenProxyRole47CD04F8", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "lambdastokenProxyLogRetention30E38D4B": { "DependsOn": [ "lambdastokenProxyLogRetentionPolicy7A964B11", ], "Properties": { "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "lambdastokenProxy38E950E5", }, ], ], }, "RetentionInDays": 3653, "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn", ], }, }, "Type": "Custom::LogRetention", }, "lambdastokenProxyLogRetentionPolicy7A964B11": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdastokenProxyLogRetentionRoleA7CDDCE4", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdastokenProxyLogRetentionRoleA7CDDCE4": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdastokenProxyPolicy41CD7244": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Fn::GetAtt": [ "lambdastokenProxyLogRetention30E38D4B", "LogGroupName", ], }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "Roles": [ { "Ref": "lambdastokenProxyRole47CD04F8", }, ], }, "Type": "AWS::IAM::ManagedPolicy", }, "lambdastokenProxyRole47CD04F8": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "lambdastokenProxyRoleDefaultPolicyB9910994": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Suppress all AwsSolutions-IAM5 findings on ltiNodejsFunction role as required by log group.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "tablesdataPlaneTable57BF29C7", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "lambdastokenProxyRoleDefaultPolicyB9910994", "Roles": [ { "Ref": "lambdastokenProxyRole47CD04F8", }, ], }, "Type": "AWS::IAM::Policy", }, "tablescontrolPlaneTable49F703D0": { "DeletionPolicy": "Retain", "Properties": { "AttributeDefinitions": [ { "AttributeName": "PK", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "PK", "KeyType": "HASH", }, ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": { "SSEEnabled": true, }, "TimeToLiveSpecification": { "AttributeName": "ttl", "Enabled": true, }, }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Retain", }, "tablesdataPlaneTable57BF29C7": { "DeletionPolicy": "Retain", "Properties": { "AttributeDefinitions": [ { "AttributeName": "PK", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "PK", "KeyType": "HASH", }, ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": { "SSEEnabled": true, }, "TimeToLiveSpecification": { "AttributeName": "ttl", "Enabled": true, }, }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Retain", }, }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5", ], { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `;