// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`OpenAPI Gateway Rest Api Construct Unit Tests Create 2 APIs on same stack 1`] = ` Object { "Outputs": Object { "ApiTest1EndpointFCE7CA87": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTest1E0FDBC81", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTest1DeploymentStageprod6B6E3F66", }, "/", ], ], }, }, "ApiTest2Endpoint37683897": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTest29D927A57", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTest2DeploymentStageprodF3467DC1", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTest1AccessLogsC273067A": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTest1Account37F1A1C0": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTest1E0FDBC81", "ApiTest1PrepareSpecCustomResource30CD03AA", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTest1CloudWatchRole30B84AB0", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTest1ApiTest1AclWebACL4CD0F6DD": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest1-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest1-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest1-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTest1ApiTest1AclWebACLAssociationAFA8584F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTest1E0FDBC81", }, "/stages/", Object { "Ref": "ApiTest1DeploymentStageprod6B6E3F66", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTest1ApiTest1AclWebACL4CD0F6DD", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTest1CloudWatchRole30B84AB0": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTest1PrepareSpecCustomResource30CD03AA", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTest1Deployment2E308FF82fc4f0a458a5f6de41661a6b62b5c224": Object { "DependsOn": Array [ "ApiTest1PrepareSpecCustomResource30CD03AA", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTest1E0FDBC81", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTest1DeploymentStageprod6B6E3F66": Object { "DependsOn": Array [ "ApiTest1Account37F1A1C0", "ApiTest1PrepareSpecCustomResource30CD03AA", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTest1AccessLogsC273067A", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTest1Deployment2E308FF82fc4f0a458a5f6de41661a6b62b5c224", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTest1E0FDBC81", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTest1E0FDBC81": Object { "DependsOn": Array [ "ApiTest1PrepareSpecCustomResource30CD03AA", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTest1PrepareSpecCustomResource30CD03AA", "outputSpecKey", ], }, }, "Name": "ApiTest1", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTest1LambdaPermissiontestOperation0FD44D9B": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTest1E0FDBC81", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTest1PrepareSpecCustomResource30CD03AA": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTest1PrepareSpecProviderframeworkonEvent9E64448F", "Arn", ], }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTest1PrepareSpecE7061D01": Object { "DependsOn": Array [ "ApiTest1PrepareSpecRole6018776C", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTest1PrepareSpecRole6018776C", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTest1PrepareSpecProviderRoleA1D8F665": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTest1PrepareSpecProviderRoleDefaultPolicyFCE97042": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTest1PrepareSpecE7061D01", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTest1PrepareSpecE7061D01", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTest1PrepareSpecProviderRoleDefaultPolicyFCE97042", "Roles": Array [ Object { "Ref": "ApiTest1PrepareSpecProviderRoleA1D8F665", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTest1PrepareSpecProviderframeworkonEvent9E64448F": Object { "DependsOn": Array [ "ApiTest1PrepareSpecProviderRoleDefaultPolicyFCE97042", "ApiTest1PrepareSpecProviderRoleA1D8F665", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest1/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTest1PrepareSpecE7061D01", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTest1PrepareSpecProviderRoleA1D8F665", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTest1PrepareSpecRole6018776C": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTest29D927A57": Object { "DependsOn": Array [ "ApiTest2PrepareSpecCustomResource2182A9C5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTest2PrepareSpecCustomResource2182A9C5", "outputSpecKey", ], }, }, "Name": "ApiTest2", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTest2AccessLogs7506EDA6": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTest2Account685F675E": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTest29D927A57", "ApiTest2PrepareSpecCustomResource2182A9C5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTest2CloudWatchRole72C1A98D", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTest2ApiTest2AclWebACL627F765E": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest2-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest2-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest2-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTest2ApiTest2AclWebACLAssociation1BE7A2D1": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTest29D927A57", }, "/stages/", Object { "Ref": "ApiTest2DeploymentStageprodF3467DC1", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTest2ApiTest2AclWebACL627F765E", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTest2CloudWatchRole72C1A98D": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTest2PrepareSpecCustomResource2182A9C5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTest2DeploymentF5547FBB0628ff5b414eb67a464523f7ee50546d": Object { "DependsOn": Array [ "ApiTest2PrepareSpecCustomResource2182A9C5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTest29D927A57", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTest2DeploymentStageprodF3467DC1": Object { "DependsOn": Array [ "ApiTest2Account685F675E", "ApiTest2PrepareSpecCustomResource2182A9C5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTest2AccessLogs7506EDA6", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTest2DeploymentF5547FBB0628ff5b414eb67a464523f7ee50546d", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTest29D927A57", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTest2LambdaPermissiontestOperation7622FF16": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTest29D927A57", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTest2PrepareSpec6015FD84": Object { "DependsOn": Array [ "ApiTest2PrepareSpecRoleE638C076", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTest2PrepareSpecRoleE638C076", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTest2PrepareSpecCustomResource2182A9C5": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTest2PrepareSpecProviderframeworkonEventC9470DD8", "Arn", ], }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTest2PrepareSpecProviderRole59C44E6C": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTest2PrepareSpecProviderRoleDefaultPolicyA41E659C": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTest2PrepareSpec6015FD84", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTest2PrepareSpec6015FD84", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTest2PrepareSpecProviderRoleDefaultPolicyA41E659C", "Roles": Array [ Object { "Ref": "ApiTest2PrepareSpecProviderRole59C44E6C", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTest2PrepareSpecProviderframeworkonEventC9470DD8": Object { "DependsOn": Array [ "ApiTest2PrepareSpecProviderRoleDefaultPolicyA41E659C", "ApiTest2PrepareSpecProviderRole59C44E6C", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest2/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTest2PrepareSpec6015FD84", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTest2PrepareSpecProviderRole59C44E6C", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTest2PrepareSpecRoleE638C076": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM4", "reason": "This is a test construct.", }, Object { "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "This is a test construct.", }, ], }, }, "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM4", "reason": "This is a test construct.", }, Object { "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "This is a test construct.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests Permits Matching No Authorizers In Spec And Construct 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478cf0ffda1ebdf50e204e4bb9601cf40bc": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478cf0ffda1ebdf50e204e4bb9601cf40bc", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "defaultAuthorizerReference": Object { "authorizerId": "none", }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests Synth 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM4", "reason": "This is a test construct.", }, Object { "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "This is a test construct.", }, ], }, }, "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM4", "reason": "This is a test construct.", }, Object { "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "This is a test construct.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests With Cognito Auth 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC47863776976cc0e88744938e9841a6d2672": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC47863776976cc0e88744938e9841a6d2672", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "defaultAuthorizerReference": Object { "authorizerId": "myCognitoAuthorizer", }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object { "myCognitoAuthorizer": Object { "in": "header", "name": "Authorization", "type": "apiKey", "x-amazon-apigateway-authorizer": Object { "providerARNs": Array [ Object { "Fn::GetAtt": Array [ "pool056F3F7E", "Arn", ], }, ], "type": "COGNITO_USER_POOLS", }, "x-amazon-apigateway-authtype": "COGNITO_USER_POOLS", }, }, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "pool056F3F7E": Object { "DeletionPolicy": "Retain", "Properties": Object { "AccountRecoverySetting": Object { "RecoveryMechanisms": Array [ Object { "Name": "verified_phone_number", "Priority": 1, }, Object { "Name": "verified_email", "Priority": 2, }, ], }, "AdminCreateUserConfig": Object { "AllowAdminCreateUserOnly": true, }, "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "SmsVerificationMessage": "The verification code to your new account is {####}", "VerificationMessageTemplate": Object { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}", }, }, "Type": "AWS::Cognito::UserPool", "UpdateReplacePolicy": "Retain", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests With Custom Auth 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478098a9965c461523b7750d682a61a3826": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478098a9965c461523b7750d682a61a3826", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissionmyCustomAuthorizer2D3D850D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "AuthorizerBD825682", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/*", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "defaultAuthorizerReference": Object { "authorizerId": "myCustomAuthorizer", }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object { "myCustomAuthorizer": Object { "in": "header", "name": "Authorization", "type": "apiKey", "x-amazon-apigateway-authorizer": Object { "authorizerResultTtlInSeconds": 300, "authorizerUri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "AuthorizerBD825682", "Arn", ], }, "/invocations", ], ], }, "identitySource": "method.request.header.Authorization", "type": "token", }, "x-amazon-apigateway-authtype": "CUSTOM", }, }, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "AuthorizerBD825682": Object { "DependsOn": Array [ "AuthorizerServiceRoleB8F38EC9", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "AuthorizerServiceRoleB8F38EC9", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "AuthorizerServiceRoleB8F38EC9": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests With Custom Managed Rules 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesAmazonIpReputationList", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesAmazonIpReputationList", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesAmazonIpReputationList", "SampledRequestsEnabled": true, }, }, Object { "Name": "AWS-AWSManagedRulesAnonymousIpList", "OverrideAction": Object { "None": Object {}, }, "Priority": 3, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesAnonymousIpList", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesAnonymousIpList", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests With IAM Auth and CORS 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478c3d7b9ef89b3ebd4ebe91f7143275c03": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478c3d7b9ef89b3ebd4ebe91f7143275c03", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "corsOptions": Object { "allowHeaders": Array [ "Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key", "X-Amz-Security-Token", "X-Amz-User-Agent", ], "allowMethods": Array [ "OPTIONS", "GET", "PUT", "POST", "DELETE", "PATCH", "HEAD", ], "allowOrigins": Array [ "*", ], "statusCode": 200, }, "defaultAuthorizerReference": Object { "authorizerId": "aws.auth.sigv4", }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object { "aws.auth.sigv4": Object { "in": "header", "name": "Authorization", "type": "apiKey", "x-amazon-apigateway-authtype": "awsSigv4", }, }, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests With Mixed Auth 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC47860a1edc076720b97c2bb9bf1a3d9c1e4": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC47860a1edc076720b97c2bb9bf1a3d9c1e4", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiondeleteOperationCF8B1751": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/DELETE/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestLambdaPermissiongetOperationE32C7896": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestLambdaPermissionmyCustomAuthorizer2D3D850D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaAuthorizerB5870E9B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/*", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestLambdaPermissionpostOperation5287C28F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/POST/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestLambdaPermissionputOperation80355FB2": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/PUT/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "defaultAuthorizerReference": Object { "authorizerId": "aws.auth.sigv4", }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "59c8d7b10656c48be66a3a7cb22540b5dc6f56cfa67229affa21977c6567f30e.json", }, "integrations": Object { "deleteOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "/invocations", ], ], }, }, }, "getOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "/invocations", ], ], }, }, "methodAuthorizer": Object { "authorizationScopes": Array [ "foo/bar", ], "authorizerId": "myCognitoAuthorizer", }, }, "postOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "/invocations", ], ], }, }, "methodAuthorizer": Object { "authorizerId": "myCustomAuthorizer", }, }, "putOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaIntegration16842491", "Arn", ], }, "/invocations", ], ], }, }, "methodAuthorizer": Object { "authorizationScopes": Array [ "other/scope", ], "authorizerId": "myCognitoAuthorizer", }, }, }, "operationLookup": Object { "deleteOperation": Object { "method": "delete", "path": "/test", }, "getOperation": Object { "method": "get", "path": "/test", }, "postOperation": Object { "method": "post", "path": "/test", }, "putOperation": Object { "method": "put", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "59c8d7b10656c48be66a3a7cb22540b5dc6f56cfa67229affa21977c6567f30e.json-prepared", }, "securitySchemes": Object { "aws.auth.sigv4": Object { "in": "header", "name": "Authorization", "type": "apiKey", "x-amazon-apigateway-authtype": "awsSigv4", }, "myCognitoAuthorizer": Object { "in": "header", "name": "Authorization", "type": "apiKey", "x-amazon-apigateway-authorizer": Object { "providerARNs": Array [ Object { "Fn::GetAtt": Array [ "pool056F3F7E", "Arn", ], }, ], "type": "COGNITO_USER_POOLS", }, "x-amazon-apigateway-authtype": "COGNITO_USER_POOLS", }, "myCustomAuthorizer": Object { "in": "header", "name": "Unused", "type": "apiKey", "x-amazon-apigateway-authorizer": Object { "authorizerResultTtlInSeconds": 60, "authorizerUri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaAuthorizerB5870E9B", "Arn", ], }, "/invocations", ], ], }, "identitySource": "method.request.querystring.QueryString1", "type": "request", }, "x-amazon-apigateway-authtype": "CUSTOM", }, }, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/59c8d7b10656c48be66a3a7cb22540b5dc6f56cfa67229affa21977c6567f30e.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/59c8d7b10656c48be66a3a7cb22540b5dc6f56cfa67229affa21977c6567f30e.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/59c8d7b10656c48be66a3a7cb22540b5dc6f56cfa67229affa21977c6567f30e.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/59c8d7b10656c48be66a3a7cb22540b5dc6f56cfa67229affa21977c6567f30e.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaAuthorizerB5870E9B": Object { "DependsOn": Array [ "LambdaAuthorizerServiceRole801EAE1C", ], "Properties": Object { "Code": Object { "ZipFile": "auth", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaAuthorizerServiceRole801EAE1C", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaAuthorizerServiceRole801EAE1C": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "LambdaIntegration16842491": Object { "DependsOn": Array [ "LambdaIntegrationServiceRoleD411B201", ], "Properties": Object { "Code": Object { "ZipFile": "integration", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaIntegrationServiceRoleD411B201", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaIntegrationServiceRoleD411B201": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "pool056F3F7E": Object { "DeletionPolicy": "Retain", "Properties": Object { "AccountRecoverySetting": Object { "RecoveryMechanisms": Array [ Object { "Name": "verified_phone_number", "Priority": 1, }, Object { "Name": "verified_email", "Priority": 2, }, ], }, "AdminCreateUserConfig": Object { "AllowAdminCreateUserOnly": true, }, "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "SmsVerificationMessage": "The verification code to your new account is {####}", "VerificationMessageTemplate": Object { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}", }, }, "Type": "AWS::Cognito::UserPool", "UpdateReplacePolicy": "Retain", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests With Path Parameters 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478ed5e71f4a5bc4f71e07a9dafbe8ea425": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478ed5e71f4a5bc4f71e07a9dafbe8ea425", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test/*/fixed/*/*", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "6060611f34e7c9e9000a19922d48dfd8d47d66cbf3715fb30e173c4b51d9061b.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test/{param1}/fixed/{param2}/{param3}", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "6060611f34e7c9e9000a19922d48dfd8d47d66cbf3715fb30e173c4b51d9061b.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/6060611f34e7c9e9000a19922d48dfd8d47d66cbf3715fb30e173c4b51d9061b.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/6060611f34e7c9e9000a19922d48dfd8d47d66cbf3715fb30e173c4b51d9061b.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/6060611f34e7c9e9000a19922d48dfd8d47d66cbf3715fb30e173c4b51d9061b.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/6060611f34e7c9e9000a19922d48dfd8d47d66cbf3715fb30e173c4b51d9061b.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests With Waf IP Set 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestApiTestAclIPSet412969EA": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Addresses": Array [ "1.2.3.4/5", ], "IPAddressVersion": "IPV4", "Name": "Default--ApiTest-Acl-WebAcl-IPSet", "Scope": "REGIONAL", }, "Type": "AWS::WAFv2::IPSet", }, "ApiTestApiTestAclWebACL9E75156F": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "DefaultAction": Object { "Allow": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl", "Rules": Array [ Object { "Action": Object { "Block": Object {}, }, "Name": "Default--ApiTest-Acl-WebAcl-IPSet", "Priority": 1, "Statement": Object { "NotStatement": Object { "Statement": Object { "IPSetReferenceStatement": Object { "Arn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclIPSet412969EA", "Arn", ], }, }, }, }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-IPSet", "SampledRequestsEnabled": true, }, }, Object { "Name": "AWS-AWSManagedRulesCommonRuleSet", "OverrideAction": Object { "None": Object {}, }, "Priority": 2, "Statement": Object { "ManagedRuleGroupStatement": Object { "Name": "AWSManagedRulesCommonRuleSet", "VendorName": "AWS", }, }, "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl-AWS-AWSManagedRulesCommonRuleSet", "SampledRequestsEnabled": true, }, }, ], "Scope": "REGIONAL", "VisibilityConfig": Object { "CloudWatchMetricsEnabled": true, "MetricName": "Default--ApiTest-Acl-WebAcl", "SampledRequestsEnabled": true, }, }, "Type": "AWS::WAFv2::WebACL", }, "ApiTestApiTestAclWebACLAssociation54801610": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ResourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, "::/restapis/", Object { "Ref": "ApiTestEE73F324", }, "/stages/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, ], ], }, "WebACLArn": Object { "Fn::GetAtt": Array [ "ApiTestApiTestAclWebACL9E75156F", "Arn", ], }, }, "Type": "AWS::WAFv2::WebACLAssociation", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`OpenAPI Gateway Rest Api Construct Unit Tests Without Waf 1`] = ` Object { "Outputs": Object { "ApiTestEndpoint34A72375": Object { "Value": Object { "Fn::Join": Array [ "", Array [ "https://", Object { "Ref": "ApiTestEE73F324", }, ".execute-api.", Object { "Ref": "AWS::Region", }, ".", Object { "Ref": "AWS::URLSuffix", }, "/", Object { "Ref": "ApiTestDeploymentStageprod660267A6", }, "/", ], ], }, }, }, "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "ApiTestAccessLogs92CFE051": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "ApiTestAccount272B5CDD": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestEE73F324", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "CloudWatchRoleArn": Object { "Fn::GetAtt": Array [ "ApiTestCloudWatchRole56ED0814", "Arn", ], }, }, "Type": "AWS::ApiGateway::Account", "UpdateReplacePolicy": "Retain", }, "ApiTestCloudWatchRole56ED0814": Object { "DeletionPolicy": "Retain", "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "apigateway.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", ], ], }, ], }, "Type": "AWS::IAM::Role", "UpdateReplacePolicy": "Retain", }, "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Description": "Automatically created by the RestApi construct", "RestApiId": Object { "Ref": "ApiTestEE73F324", }, }, "Type": "AWS::ApiGateway::Deployment", }, "ApiTestDeploymentStageprod660267A6": Object { "DependsOn": Array [ "ApiTestAccount272B5CDD", "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AccessLogSetting": Object { "DestinationArn": Object { "Fn::GetAtt": Array [ "ApiTestAccessLogs92CFE051", "Arn", ], }, "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \\"$context.httpMethod $context.resourcePath $context.protocol\\" $context.status $context.responseLength $context.requestId", }, "DeploymentId": Object { "Ref": "ApiTestDeployment153EC478ba688c73ecd411d6bc46f33941546de6", }, "MethodSettings": Array [ Object { "DataTraceEnabled": false, "HttpMethod": "*", "LoggingLevel": "INFO", "ResourcePath": "/*", }, ], "RestApiId": Object { "Ref": "ApiTestEE73F324", }, "StageName": "prod", }, "Type": "AWS::ApiGateway::Stage", }, "ApiTestEE73F324": Object { "DependsOn": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "BodyS3Location": Object { "Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "Key": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecCustomResourceC9800EE6", "outputSpecKey", ], }, }, "Name": "ApiTest", }, "Type": "AWS::ApiGateway::RestApi", }, "ApiTestLambdaPermissiontestOperationECAC1A2D": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "Principal": "apigateway.amazonaws.com", "SourceArn": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":execute-api:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":", Object { "Ref": "ApiTestEE73F324", }, "/*/GET/test", ], ], }, }, "Type": "AWS::Lambda::Permission", }, "ApiTestPrepareSpecA3536D2B": Object { "DependsOn": Array [ "ApiTestPrepareSpecRole44D562E5", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "0a558975b3b6d936445a7f9d8d329b154853a6cdcb513008e91fd4e963842023.zip", }, "FunctionName": "Default-PrepareSpec", "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecRole44D562E5", "Arn", ], }, "Runtime": "nodejs18.x", "Timeout": 30, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecCustomResourceC9800EE6": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188", "Arn", ], }, "inputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", }, "integrations": Object { "testOperation": Object { "integration": Object { "httpMethod": "POST", "passthroughBehavior": "WHEN_NO_MATCH", "type": "AWS_PROXY", "uri": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":apigateway:", Object { "Ref": "AWS::Region", }, ":lambda:path/2015-03-31/functions/", Object { "Fn::GetAtt": Array [ "LambdaD247545B", "Arn", ], }, "/invocations", ], ], }, }, }, }, "operationLookup": Object { "testOperation": Object { "method": "get", "path": "/test", }, }, "outputSpecLocation": Object { "bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "key": "ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared", }, "securitySchemes": Object {}, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "Roles": Array [ Object { "Ref": "ApiTestPrepareSpecProviderRoleF47822B8", }, ], }, "Type": "AWS::IAM::Policy", }, "ApiTestPrepareSpecProviderRoleF47822B8": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec-Provider:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, ], }, "Type": "AWS::IAM::Role", }, "ApiTestPrepareSpecProviderframeworkonEvent2FA9E188": Object { "DependsOn": Array [ "ApiTestPrepareSpecProviderRoleDefaultPolicy99662E78", "ApiTestPrepareSpecProviderRoleF47822B8", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-L1", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "id": "AwsPrototyping-LambdaLatestVersion", "reason": "Latest runtime cannot be configured. CDK will need to upgrade the Provider construct accordingly.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "S3Key": "e8fea7e029780f03a78580d41b7ffbc4551d6e7d6caa190a451880191c166189.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Default/ApiTest/PrepareSpecProvider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecA3536D2B", "Arn", ], }, }, }, "FunctionName": "Default-PrepareSpec-Provider", "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "ApiTestPrepareSpecProviderRoleF47822B8", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "ApiTestPrepareSpecRole44D562E5": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsSolutions-IAM5", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn:aws:logs:::log-group:/aws/lambda/Default-PrepareSpec:*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "Cloudwatch resources have been scoped down to the LogGroup level, however * is still needed as stream names are created just in time.", }, Object { "applies_to": Array [ Object { "regex": "/^Resource::arn::s3:.*/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*/g", }, ], "id": "AwsPrototyping-IAMNoWildcardPermissions", "reason": "S3 resources have been scoped down to the appropriate prefix in the CDK asset bucket, however * is still needed as since the prepared spec hash is not known until deploy time.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsSolutions-IAM4", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "applies_to": Array [ Object { "regex": "/^Policy::arn::iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs$/g", }, ], "id": "AwsPrototyping-IAMNoManagedPolicies", "reason": "Cloudwatch Role requires access to create/read groups at the root level.", }, Object { "id": "AwsSolutions-APIG2", "reason": "This construct implements fine grained validation via OpenApi.", }, Object { "id": "AwsPrototyping-APIGWRequestValidation", "reason": "This construct implements fine grained validation via OpenApi.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:aws:logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/Default-PrepareSpec:*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "logs", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:getObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json", ], ], }, }, Object { "Action": "s3:putObject", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::", Object { "Fn::Sub": "cdk-hnb659fds-assets-\${AWS::AccountId}-\${AWS::Region}", }, "/ec22714a0fde30e0834df19bc639f3cb3519abd3ccd6dcf6b761d105827ca227.json-prepared/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "s3", }, ], }, "Type": "AWS::IAM::Role", }, "LambdaD247545B": Object { "DependsOn": Array [ "LambdaServiceRoleA8ED4D3B", ], "Properties": Object { "Code": Object { "ZipFile": "code", }, "Handler": "handler", "Role": Object { "Fn::GetAtt": Array [ "LambdaServiceRoleA8ED4D3B", "Arn", ], }, "Runtime": "nodejs16.x", }, "Type": "AWS::Lambda::Function", }, "LambdaServiceRoleA8ED4D3B": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `;