// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`AVA Test Stack Snapshot 1`] = `
{
"Conditions": {
"BackEndDataAnalysisGlueWorkflowConditionA63A5CE7": {
"Fn::Equals": [
{
"Ref": "StartGlueWorkflow",
},
"Yes",
],
},
"BackEndExternalIntegrationsAnomalyDetectionBucketCondition1F7AF011": {
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "AnomalyDetectionBucketParameter",
},
"",
],
},
],
},
"FrontEndCognitoDomainPrefixConditionABB3BBB6": {
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "CognitoDomainPrefixParameter",
},
"",
],
},
],
},
"FrontEndCognitoSAMLConditionCF14CDB1": {
"Fn::And": [
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "CognitoSAMLProviderNameParameter",
},
"",
],
},
],
},
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "CognitoSAMLProviderMetadataUrlParameter",
},
"",
],
},
],
},
],
},
"anomalyDetectionBucketParameterSetCondition": {
"Fn::Equals": [
{
"Ref": "AnomalyDetectionBucketParameter",
},
"",
],
},
"cognitoDomainPrefixParameterSetCondition": {
"Fn::Equals": [
{
"Ref": "CognitoDomainPrefixParameter",
},
"",
],
},
"cognitoSAMLProviderMetadataUrlParameterSetCondition": {
"Fn::Equals": [
{
"Ref": "CognitoSAMLProviderMetadataUrlParameter",
},
"",
],
},
"cognitoSAMLProviderNameParameterSetCondition": {
"Fn::Equals": [
{
"Ref": "CognitoSAMLProviderNameParameter",
},
"",
],
},
},
"Description": "AVA Test Stack",
"Mappings": {
"Solution": {
"Config": {
"AnonymousUsage": "Yes",
"S3BucketPrefix": "hosting-bucket",
"S3KeyPrefix": "ava-test/v3.0.1",
"SolutionId": "SOxyz",
"Version": "v3.0.1",
},
},
},
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "Dashboard Configuration",
},
"Parameters": [
"AdministratorEmail",
"DefaultLanguage",
],
},
{
"Label": {
"default": "General Configuration",
},
"Parameters": [
"LoggingLevel",
"StartGlueWorkflow",
],
},
{
"Label": {
"default": "Lookout for Equipment Integration (Optional)",
},
"Parameters": [
"AnomalyDetectionBucketParameter",
],
},
{
"Label": {
"default": "SAML Identity Provider Configuration (Optional)",
},
"Parameters": [
"CognitoDomainPrefixParameter",
"CognitoSAMLProviderNameParameter",
"CognitoSAMLProviderMetadataUrlParameter",
],
},
],
"ParameterLabels": {
"AdministratorEmail": {
"default": "Administrator Email",
},
"AnomalyDetectionBucketParameter": {
"default": "Anomaly Detection Output Bucket",
},
"CognitoDomainPrefixParameter": {
"default": "Cognito Domain Prefix",
},
"CognitoSAMLProviderMetadataUrlParameter": {
"default": "SAML Provider Metadata Url",
},
"CognitoSAMLProviderNameParameter": {
"default": "SAML Provider Name",
},
"DefaultLanguage": {
"default": "UI Default Language",
},
"LoggingLevel": {
"default": "Log Level",
},
"StartGlueWorkflow": {
"default": "Activate AWS Glue Workflow",
},
},
},
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Legacy code requires wildcard on bucket items with prefix",
},
],
},
},
"Outputs": {
"AmazonVirtualAndonConsole": {
"Description": "AVA Test console URL",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0",
"DomainName",
],
},
],
],
},
},
"CognitoDomain": {
"Condition": "FrontEndCognitoDomainPrefixConditionABB3BBB6",
"Description": "Cognito hosted domain",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Ref": "FrontEndUserPoolDomain4D30EABB",
},
".auth.",
{
"Ref": "AWS::Region",
},
".amazoncognito.com",
],
],
},
},
"GraphQLEndpoint": {
"Description": "Amazon Virtual Andon GraphQL endpoint",
"Value": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"GraphQLUrl",
],
},
},
"SolutionVersion": {
"Description": "SolutionVersion",
"Value": "v3.0.1",
},
"UserPoolId": {
"Condition": "FrontEndCognitoDomainPrefixConditionABB3BBB6",
"Description": "Cognito User Pool ID",
"Value": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"WebsiteAssetBucket": {
"Description": "Amazon Virtual Andon web site assets bucket",
"Value": {
"Ref": "FrontEndDistributionToS3S3Bucket3A171D78",
},
},
},
"Parameters": {
"AdministratorEmail": {
"AllowedPattern": "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$",
"ConstraintDescription": "Default User Email must be a valid email address",
"Description": "(Required) Email address for Amazon Virtual Andon administrator.",
"Type": "String",
},
"AnomalyDetectionBucketParameter": {
"AllowedPattern": "^[a-z0-9.-]*$",
"Default": "",
"Description": "(Optional) The name of the Amazon S3 bucket which will contain anomaly detection files",
"MaxLength": 63,
"Type": "String",
},
"CognitoDomainPrefixParameter": {
"AllowedPattern": "^$|^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
"Default": "",
"Description": "(Optional) The prefix to the Cognito hosted domain name that will be associated with the user pool.",
"Type": "String",
},
"CognitoSAMLProviderMetadataUrlParameter": {
"Default": "",
"Description": "(Optional) MetadataURL for the identity provider details.",
"Type": "String",
},
"CognitoSAMLProviderNameParameter": {
"AllowedPattern": "^[a-zA-Z]*$",
"Default": "",
"Description": "(Optional) The identity provider name.",
"MaxLength": 32,
"Type": "String",
},
"DefaultLanguage": {
"AllowedValues": [
"Browser Default",
"Chinese (Simplified)",
"English",
"French (France)",
"German",
"Japanese",
"Korean",
"Spanish (Spain)",
"Thai",
],
"Default": "Browser Default",
"Description": "Amazon Virtual Andon web interface default language. Choose "Browser Default" if you want to use your browser language as a default language.",
"Type": "String",
},
"LoggingLevel": {
"AllowedValues": [
"VERBOSE",
"DEBUG",
"INFO",
"WARN",
"ERROR",
],
"Default": "ERROR",
"Description": "The logging level of the Lambda functions and the UI",
"Type": "String",
},
"StartGlueWorkflow": {
"AllowedValues": [
"Yes",
"No",
],
"Default": "No",
"Description": "Do you want to perform the Glue Workflow that will extract Amazon Virtual Andon's DynamoDB data to S3 for analysis with Athena? If set to 'Yes', the process will run every Monday at 1am UTC by default",
"Type": "String",
},
},
"Resources": {
"AVADataHierarchyTable": {
"DeletionPolicy": "Delete",
"Properties": {
"AttributeDefinitions": [
{
"AttributeName": "id",
"AttributeType": "S",
},
{
"AttributeName": "type",
"AttributeType": "S",
},
{
"AttributeName": "parentId",
"AttributeType": "S",
},
{
"AttributeName": "name",
"AttributeType": "S",
},
],
"BillingMode": "PAY_PER_REQUEST",
"GlobalSecondaryIndexes": [
{
"IndexName": "ByTypeAndParent-index",
"KeySchema": [
{
"AttributeName": "type",
"KeyType": "HASH",
},
{
"AttributeName": "parentId",
"KeyType": "RANGE",
},
],
"Projection": {
"ProjectionType": "ALL",
},
},
{
"IndexName": "ByTypeAndName-index",
"KeySchema": [
{
"AttributeName": "type",
"KeyType": "HASH",
},
{
"AttributeName": "name",
"KeyType": "RANGE",
},
],
"Projection": {
"ProjectionType": "ALL",
},
},
],
"KeySchema": [
{
"AttributeName": "id",
"KeyType": "HASH",
},
{
"AttributeName": "type",
"KeyType": "RANGE",
},
],
"PointInTimeRecoverySpecification": {
"PointInTimeRecoveryEnabled": true,
},
"SSESpecification": {
"SSEEnabled": true,
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::DynamoDB::Table",
"UpdateReplacePolicy": "Delete",
},
"AVAIssuesTable": {
"DeletionPolicy": "Retain",
"Properties": {
"AttributeDefinitions": [
{
"AttributeName": "id",
"AttributeType": "S",
},
{
"AttributeName": "siteName",
"AttributeType": "S",
},
{
"AttributeName": "areaName#status#processName#stationName#deviceName#created",
"AttributeType": "S",
},
{
"AttributeName": "areaName#status#processName#eventDescription#stationName#deviceName#created",
"AttributeType": "S",
},
{
"AttributeName": "deviceName#eventId",
"AttributeType": "S",
},
{
"AttributeName": "createdDateUtc",
"AttributeType": "S",
},
{
"AttributeName": "createdAt",
"AttributeType": "S",
},
],
"BillingMode": "PAY_PER_REQUEST",
"GlobalSecondaryIndexes": [
{
"IndexName": "ByDevice-index",
"KeySchema": [
{
"AttributeName": "siteName",
"KeyType": "HASH",
},
{
"AttributeName": "areaName#status#processName#stationName#deviceName#created",
"KeyType": "RANGE",
},
],
"Projection": {
"ProjectionType": "ALL",
},
},
{
"IndexName": "BySiteAreaStatus-index",
"KeySchema": [
{
"AttributeName": "siteName",
"KeyType": "HASH",
},
{
"AttributeName": "areaName#status#processName#eventDescription#stationName#deviceName#created",
"KeyType": "RANGE",
},
],
"Projection": {
"ProjectionType": "ALL",
},
},
{
"IndexName": "ByDeviceEvent-index",
"KeySchema": [
{
"AttributeName": "deviceName#eventId",
"KeyType": "HASH",
},
{
"AttributeName": "id",
"KeyType": "RANGE",
},
],
"Projection": {
"ProjectionType": "ALL",
},
},
{
"IndexName": "ByCreatedDate-index",
"KeySchema": [
{
"AttributeName": "createdDateUtc",
"KeyType": "HASH",
},
{
"AttributeName": "createdAt",
"KeyType": "RANGE",
},
],
"Projection": {
"ProjectionType": "ALL",
},
},
],
"KeySchema": [
{
"AttributeName": "id",
"KeyType": "HASH",
},
],
"PointInTimeRecoverySpecification": {
"PointInTimeRecoveryEnabled": true,
},
"SSESpecification": {
"SSEEnabled": true,
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::DynamoDB::Table",
"UpdateReplacePolicy": "Retain",
},
"AppRegistryAssociation": {
"Properties": {
"Application": {
"Fn::GetAtt": [
"ApplicationD9CED6CE",
"Id",
],
},
"Resource": {
"Ref": "AWS::StackId",
},
"ResourceType": "CFN_STACK",
},
"Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation",
},
"ApplicationD9CED6CE": {
"Properties": {
"Description": "AVA Test Stack",
"Name": {
"Fn::Join": [
"-",
[
"ava-test",
{
"Ref": "AWS::Region",
},
{
"Ref": "AWS::AccountId",
},
{
"Ref": "AWS::StackName",
},
],
],
},
"Tags": {
"SolutionId": "SOxyz",
"Solutions:ApplicationType": "AWS-Solutions",
"Solutions:SolutionID": "SOxyz",
"Solutions:SolutionName": "ava-test",
"Solutions:SolutionVersion": "v3.0.1",
},
},
"Type": "AWS::ServiceCatalogAppRegistry::Application",
},
"AvaGlueDataHierarchyTable": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"CatalogId": {
"Ref": "AWS::AccountId",
},
"DatabaseName": {
"Ref": "AvaGlueDatabase",
},
"TableInput": {
"Parameters": {
"EXTERNAL": "TRUE",
"classification": "parquet",
"has_encrypted_data": "false",
},
"StorageDescriptor": {
"Columns": [
{
"Name": "protocol",
"Type": "string",
},
{
"Name": "endpoint",
"Type": "string",
},
{
"Name": "filterpolicy",
"Type": "string",
},
{
"Name": "id",
"Type": "string",
},
{
"Name": "type",
"Type": "string",
},
{
"Name": "subscriptionarn",
"Type": "string",
},
{
"Name": "stationareaid",
"Type": "string",
},
{
"Name": "createdat",
"Type": "string",
},
{
"Name": "name",
"Type": "string",
},
{
"Name": "description",
"Type": "string",
},
{
"Name": "version",
"Type": "bigint",
},
{
"Name": "parentid",
"Type": "string",
},
{
"Name": "updatedat",
"Type": "string",
},
{
"Name": "processareaid",
"Type": "string",
},
{
"Name": "eventprocessid",
"Type": "string",
},
{
"Name": "eventtype",
"Type": "string",
},
{
"Name": "priority",
"Type": "string",
},
{
"Name": "rootcauses",
"Type": "string",
},
{
"Name": "sms",
"Type": "string",
},
{
"Name": "eventimgkey",
"Type": "string",
},
{
"Name": "email",
"Type": "string",
},
{
"Name": "devicestationid",
"Type": "string",
},
{
"Name": "areasiteid",
"Type": "string",
},
{
"Name": "alias",
"Type": "string",
},
],
"Compressed": false,
"InputFormat": "org.apache.hadoop.mapred.TextInputFormat",
"Location": {
"Fn::Join": [
"",
[
"s3://",
{
"Ref": "AvaGlueOutputBucket",
},
"/glue/ddb-output/data-hierarchy",
],
],
},
"NumberOfBuckets": -1,
"OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat",
"SerdeInfo": {
"Parameters": {
"serialization.format": "1",
},
"SerializationLibrary": "org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe",
},
"StoredAsSubDirectories": false,
},
"TableType": "EXTERNAL_TABLE",
},
},
"Type": "AWS::Glue::Table",
},
"AvaGlueDatabase": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"CatalogId": {
"Ref": "AWS::AccountId",
},
"DatabaseInput": {
"Name": "amazon-virtual-andon-glue-database",
},
},
"Type": "AWS::Glue::Database",
},
"AvaGlueIssuesTable": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"CatalogId": {
"Ref": "AWS::AccountId",
},
"DatabaseName": {
"Ref": "AvaGlueDatabase",
},
"TableInput": {
"Parameters": {
"EXTERNAL": "TRUE",
"classification": "parquet",
"has_encrypted_data": "false",
},
"StorageDescriptor": {
"Columns": [
{
"Name": "eventid",
"Type": "string",
},
{
"Name": "acknowledged",
"Type": "string",
},
{
"Name": "created",
"Type": "string",
},
{
"Name": "sitename",
"Type": "string",
},
{
"Name": "issuesource",
"Type": "string",
},
{
"Name": "priority",
"Type": "string",
},
{
"Name": "areaname#status#processname#eventdescription#stationname#devicename#created",
"Type": "string",
},
{
"Name": "version",
"Type": "bigint",
},
{
"Name": "devicename",
"Type": "string",
},
{
"Name": "devicename#eventid",
"Type": "string",
},
{
"Name": "createdat",
"Type": "string",
},
{
"Name": "areaname",
"Type": "string",
},
{
"Name": "processname",
"Type": "string",
},
{
"Name": "createddateutc",
"Type": "date",
},
{
"Name": "eventdescription",
"Type": "string",
},
{
"Name": "areaname#status#processname#stationname#devicename#created",
"Type": "string",
},
{
"Name": "stationname",
"Type": "string",
},
{
"Name": "id",
"Type": "string",
},
{
"Name": "acknowledgedtime",
"Type": "bigint",
},
{
"Name": "status",
"Type": "string",
},
{
"Name": "updatedat",
"Type": "string",
},
{
"Name": "closed",
"Type": "string",
},
{
"Name": "resolutiontime",
"Type": "bigint",
},
{
"Name": "createdby",
"Type": "string",
},
{
"Name": "acknowledgedby",
"Type": "string",
},
{
"Name": "closedby",
"Type": "string",
},
{
"Name": "rejectedby",
"Type": "string",
},
{
"Name": "additionaldetails",
"Type": "string",
},
],
"Compressed": false,
"InputFormat": "org.apache.hadoop.mapred.TextInputFormat",
"Location": {
"Fn::Join": [
"",
[
"s3://",
{
"Ref": "AvaGlueOutputBucket",
},
"/glue/ddb-output/issues",
],
],
},
"NumberOfBuckets": -1,
"OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat",
"SerdeInfo": {
"Parameters": {
"serialization.format": "1",
},
"SerializationLibrary": "org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe",
},
"StoredAsSubDirectories": false,
},
"TableType": "EXTERNAL_TABLE",
},
},
"Type": "AWS::Glue::Table",
},
"AvaGlueOutputBucket": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"DeletionPolicy": "Retain",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S10",
"reason": "Legacy code indicates that this is required to make the glue output process to work",
},
],
},
},
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256",
},
},
],
},
"LoggingConfiguration": {
"LogFilePrefix": "server-access-logs/",
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"BackEndAppSyncApiAppSyncResolverLambdaFunctionE084D1FB": {
"DependsOn": [
"BackEndAppSyncApiAppSyncResolverLambdaFunctionRole68A09CEC",
],
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W89",
"reason": "VPC for Lambda is not needed. This serverless architecture does not deploy a VPC.",
},
{
"id": "W92",
"reason": "ReservedConcurrentExecutions is not needed for this Lambda function.",
},
],
},
},
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/appsync-lambda-resolver.zip",
],
],
},
},
"Description": "AVA Test (v3.0.1): Resolver for various AppSync functions",
"Environment": {
"Variables": {
"DATA_HIERARCHY_TABLE_NAME": {
"Ref": "AVADataHierarchyTable",
},
"ISSUES_TABLE_NAME": {
"Ref": "AVAIssuesTable",
},
"ISSUE_NOTIFICATION_TOPIC_ARN": {
"Ref": "IssueNotificationTopic",
},
"LOGGING_LEVEL": {
"Ref": "LoggingLevel",
},
},
},
"Handler": "appsync-lambda-resolver/index.handler",
"Role": {
"Fn::GetAtt": [
"BackEndAppSyncApiAppSyncResolverLambdaFunctionRole68A09CEC",
"Arn",
],
},
"Runtime": "nodejs18.x",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"Timeout": 60,
},
"Type": "AWS::Lambda::Function",
},
"BackEndAppSyncApiAppSyncResolverLambdaFunctionRole68A09CEC": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetSubscriptionAttributes",
],
"Effect": "Allow",
"Resource": {
"Ref": "IssueNotificationTopic",
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "SnsPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"dynamodb:GetItem",
"dynamodb:PutItem",
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
},
{
"Action": "dynamodb:Query",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVAIssuesTable",
"Arn",
],
},
"/index/ByCreatedDate-index",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "DynamoDbPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchLogsPolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndAppSyncApiGraphqlApi7F48FCAE": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"AdditionalAuthenticationProviders": [
{
"AuthenticationType": "AWS_IAM",
},
],
"AuthenticationType": "AMAZON_COGNITO_USER_POOLS",
"LogConfig": {
"CloudWatchLogsRoleArn": {
"Fn::GetAtt": [
"BackEndAppSyncApiLogRoleD851D1DD",
"Arn",
],
},
"ExcludeVerboseContent": false,
"FieldLogLevel": "NONE",
},
"Name": "ava-api",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"UserPoolConfig": {
"AwsRegion": {
"Ref": "AWS::Region",
},
"DefaultAction": "ALLOW",
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
},
"Type": "AWS::AppSync::GraphQLApi",
},
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DynamoDBConfig": {
"AwsRegion": {
"Ref": "AWS::Region",
},
"TableName": {
"Ref": "AVADataHierarchyTable",
},
},
"Name": "AVADataSource",
"ServiceRoleArn": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiAVADataSourceServiceRole91F4DE80",
"Arn",
],
},
"Type": "AMAZON_DYNAMODB",
},
"Type": "AWS::AppSync::DataSource",
},
"BackEndAppSyncApiGraphqlApiAVADataSourceServiceRole91F4DE80": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndAppSyncApiGraphqlApiAVADataSourceServiceRoleDefaultPolicyE43B8B38": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:Scan",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
"/index/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndAppSyncApiGraphqlApiAVADataSourceServiceRoleDefaultPolicyE43B8B38",
"Roles": [
{
"Ref": "BackEndAppSyncApiGraphqlApiAVADataSourceServiceRole91F4DE80",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndAppSyncApiGraphqlApiAVALambdaDataSource3AD4F63E": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"LambdaConfig": {
"LambdaFunctionArn": {
"Fn::GetAtt": [
"BackEndAppSyncApiAppSyncResolverLambdaFunctionE084D1FB",
"Arn",
],
},
},
"Name": "AVALambdaDataSource",
"ServiceRoleArn": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiAVALambdaDataSourceServiceRoleD6FEB4B3",
"Arn",
],
},
"Type": "AWS_LAMBDA",
},
"Type": "AWS::AppSync::DataSource",
},
"BackEndAppSyncApiGraphqlApiAVALambdaDataSourceServiceRoleD6FEB4B3": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndAppSyncApiGraphqlApiAVALambdaDataSourceServiceRoleDefaultPolicy2DB725F0": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "lambda:InvokeFunction",
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiAppSyncResolverLambdaFunctionE084D1FB",
"Arn",
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"BackEndAppSyncApiAppSyncResolverLambdaFunctionE084D1FB",
"Arn",
],
},
":*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndAppSyncApiGraphqlApiAVALambdaDataSourceServiceRoleDefaultPolicy2DB725F0",
"Roles": [
{
"Ref": "BackEndAppSyncApiGraphqlApiAVALambdaDataSourceServiceRoleD6FEB4B3",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndAppSyncApiGraphqlApiAreaprocessResolverA0C36569": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "process",
"Kind": "UNIT",
"RequestMappingTemplate": "#set( $limit = $util.defaultIfNull($context.args.limit, 10) )
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("PROCESS"),
":parent": $util.dynamodb.toDynamoDBJson($ctx.source.id)
},
"expression": "#type = :type and #parent = :parent"
},
"scanIndexForward": #if( $context.args.sortDirection )
#if( $context.args.sortDirection == "ASC" )
true
#else
false
#end
#else
true
#end,
"filter": #if( $context.args.filter )
$util.transform.toDynamoDBFilterExpression($ctx.args.filter)
#else
null
#end,
"limit": $limit,
"nextToken": #if( $context.args.nextToken )
"$context.args.nextToken"
#else
null
#end,
"index": "ByTypeAndParent-index"
}
",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Area",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiAreasiteResolver7B3EF187": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "site",
"Kind": "UNIT",
"RequestMappingTemplate": "{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.source.areaSiteId, "___xamznone____")),
"type": $util.dynamodb.toDynamoDBJson("SITE")
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Area",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiAreastationResolver1A6050D1": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "station",
"Kind": "UNIT",
"RequestMappingTemplate": "#set( $limit = $util.defaultIfNull($context.args.limit, 10) )
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("STATION"),
":parent": $util.dynamodb.toDynamoDBJson($ctx.source.id)
},
"expression": "#type = :type and #parent = :parent"
},
"scanIndexForward": #if( $context.args.sortDirection )
#if( $context.args.sortDirection == "ASC" )
true
#else
false
#end
#else
true
#end,
"filter": #if( $context.args.filter )
$util.transform.toDynamoDBFilterExpression($ctx.args.filter)
#else
null
#end,
"limit": $limit,
"nextToken": #if( $context.args.nextToken )
"$context.args.nextToken"
#else
null
#end,
"index": "ByTypeAndParent-index"
}
",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Area",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiAvaLambdaDataSourceResolverF053AE42": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVALambdaDataSource3AD4F63E",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVALambdaDataSource",
"FieldName": "getPrevDayIssuesStats",
"Kind": "UNIT",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiCreateAreaFunction51930F3C": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Create an area",
"FunctionVersion": "2018-05-29",
"Name": "CreateAreaFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Check duplication
#set ($duplicated = $ctx.prev.result.items)
#if ($duplicated.size() > 0)
#if ($ctx.args.rootCause)
$util.error("Same root cause already exists.", "DataDuplicatedError")
#else
$util.error("Same name already exists.", "DataDuplicatedError")
#end
#end
## Check validation
#if ($ctx.args.sms)
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email)
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set default values
$util.qr($ctx.args.put("version", $util.defaultIfNull($ctx.args.version, 1)))
$util.qr($ctx.args.put("createdAt", $util.defaultIfNull($ctx.args.createdAt, $util.time.nowISO8601())))
$util.qr($ctx.args.put("updatedAt", $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601())))
#if ($ctx.args.type == "AREA")
$util.qr($ctx.args.put("parentId", $ctx.args.areaSiteId))
#end
#if ($ctx.args.type == "STATION")
$util.qr($ctx.args.put("parentId", $ctx.args.stationAreaId))
#end
#if ($ctx.args.type == "DEVICE")
$util.qr($ctx.args.put("parentId", $ctx.args.deviceStationId))
#end
#if ($ctx.args.type == "PROCESS")
$util.qr($ctx.args.put("parentId", $ctx.args.processAreaId))
#end
#if ($ctx.args.type == "EVENT")
#if ( ! $ctx.args.parentId)
## If the parentId does not exist, this is a top-level event so use the process ID as the parentId
$util.qr($ctx.args.put("parentId", $ctx.args.eventProcessId))
#end
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.id, $util.autoId())),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type),
},
"attributeValues": $util.dynamodb.toMapValuesJson($context.args)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiCreateDeviceFunction54EDCF53": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Create a device",
"FunctionVersion": "2018-05-29",
"Name": "CreateDeviceFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Check duplication
#set ($duplicated = $ctx.prev.result.items)
#if ($duplicated.size() > 0)
#if ($ctx.args.rootCause)
$util.error("Same root cause already exists.", "DataDuplicatedError")
#else
$util.error("Same name already exists.", "DataDuplicatedError")
#end
#end
## Check validation
#if ($ctx.args.sms)
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email)
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set default values
$util.qr($ctx.args.put("version", $util.defaultIfNull($ctx.args.version, 1)))
$util.qr($ctx.args.put("createdAt", $util.defaultIfNull($ctx.args.createdAt, $util.time.nowISO8601())))
$util.qr($ctx.args.put("updatedAt", $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601())))
#if ($ctx.args.type == "AREA")
$util.qr($ctx.args.put("parentId", $ctx.args.areaSiteId))
#end
#if ($ctx.args.type == "STATION")
$util.qr($ctx.args.put("parentId", $ctx.args.stationAreaId))
#end
#if ($ctx.args.type == "DEVICE")
$util.qr($ctx.args.put("parentId", $ctx.args.deviceStationId))
#end
#if ($ctx.args.type == "PROCESS")
$util.qr($ctx.args.put("parentId", $ctx.args.processAreaId))
#end
#if ($ctx.args.type == "EVENT")
#if ( ! $ctx.args.parentId)
## If the parentId does not exist, this is a top-level event so use the process ID as the parentId
$util.qr($ctx.args.put("parentId", $ctx.args.eventProcessId))
#end
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.id, $util.autoId())),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type),
},
"attributeValues": $util.dynamodb.toMapValuesJson($context.args)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiCreateEventFunction050BFFAF": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Create an event",
"FunctionVersion": "2018-05-29",
"Name": "CreateEventFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Check duplication
#set ($duplicated = $ctx.prev.result.items)
#if ($duplicated.size() > 0)
#if ($ctx.args.rootCause)
$util.error("Same root cause already exists.", "DataDuplicatedError")
#else
$util.error("Same name already exists.", "DataDuplicatedError")
#end
#end
## Check validation
#if ($ctx.args.sms)
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email)
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set default values
$util.qr($ctx.args.put("version", $util.defaultIfNull($ctx.args.version, 1)))
$util.qr($ctx.args.put("createdAt", $util.defaultIfNull($ctx.args.createdAt, $util.time.nowISO8601())))
$util.qr($ctx.args.put("updatedAt", $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601())))
#if ($ctx.args.type == "AREA")
$util.qr($ctx.args.put("parentId", $ctx.args.areaSiteId))
#end
#if ($ctx.args.type == "STATION")
$util.qr($ctx.args.put("parentId", $ctx.args.stationAreaId))
#end
#if ($ctx.args.type == "DEVICE")
$util.qr($ctx.args.put("parentId", $ctx.args.deviceStationId))
#end
#if ($ctx.args.type == "PROCESS")
$util.qr($ctx.args.put("parentId", $ctx.args.processAreaId))
#end
#if ($ctx.args.type == "EVENT")
#if ( ! $ctx.args.parentId)
## If the parentId does not exist, this is a top-level event so use the process ID as the parentId
$util.qr($ctx.args.put("parentId", $ctx.args.eventProcessId))
#end
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.id, $util.autoId())),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type),
},
"attributeValues": $util.dynamodb.toMapValuesJson($context.args)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiCreateProcessFunction78464955": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Create a process",
"FunctionVersion": "2018-05-29",
"Name": "CreateProcessFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Check duplication
#set ($duplicated = $ctx.prev.result.items)
#if ($duplicated.size() > 0)
#if ($ctx.args.rootCause)
$util.error("Same root cause already exists.", "DataDuplicatedError")
#else
$util.error("Same name already exists.", "DataDuplicatedError")
#end
#end
## Check validation
#if ($ctx.args.sms)
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email)
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set default values
$util.qr($ctx.args.put("version", $util.defaultIfNull($ctx.args.version, 1)))
$util.qr($ctx.args.put("createdAt", $util.defaultIfNull($ctx.args.createdAt, $util.time.nowISO8601())))
$util.qr($ctx.args.put("updatedAt", $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601())))
#if ($ctx.args.type == "AREA")
$util.qr($ctx.args.put("parentId", $ctx.args.areaSiteId))
#end
#if ($ctx.args.type == "STATION")
$util.qr($ctx.args.put("parentId", $ctx.args.stationAreaId))
#end
#if ($ctx.args.type == "DEVICE")
$util.qr($ctx.args.put("parentId", $ctx.args.deviceStationId))
#end
#if ($ctx.args.type == "PROCESS")
$util.qr($ctx.args.put("parentId", $ctx.args.processAreaId))
#end
#if ($ctx.args.type == "EVENT")
#if ( ! $ctx.args.parentId)
## If the parentId does not exist, this is a top-level event so use the process ID as the parentId
$util.qr($ctx.args.put("parentId", $ctx.args.eventProcessId))
#end
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.id, $util.autoId())),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type),
},
"attributeValues": $util.dynamodb.toMapValuesJson($context.args)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiCreateRootCauseFunction8DA11CA2": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Create a root cause",
"FunctionVersion": "2018-05-29",
"Name": "CreateRootCauseFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Check duplication
#set ($duplicated = $ctx.prev.result.items)
#if ($duplicated.size() > 0)
#if ($ctx.args.rootCause)
$util.error("Same root cause already exists.", "DataDuplicatedError")
#else
$util.error("Same name already exists.", "DataDuplicatedError")
#end
#end
## Check validation
#if ($ctx.args.sms)
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email)
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set default values
$util.qr($ctx.args.put("version", $util.defaultIfNull($ctx.args.version, 1)))
$util.qr($ctx.args.put("createdAt", $util.defaultIfNull($ctx.args.createdAt, $util.time.nowISO8601())))
$util.qr($ctx.args.put("updatedAt", $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601())))
#if ($ctx.args.type == "AREA")
$util.qr($ctx.args.put("parentId", $ctx.args.areaSiteId))
#end
#if ($ctx.args.type == "STATION")
$util.qr($ctx.args.put("parentId", $ctx.args.stationAreaId))
#end
#if ($ctx.args.type == "DEVICE")
$util.qr($ctx.args.put("parentId", $ctx.args.deviceStationId))
#end
#if ($ctx.args.type == "PROCESS")
$util.qr($ctx.args.put("parentId", $ctx.args.processAreaId))
#end
#if ($ctx.args.type == "EVENT")
#if ( ! $ctx.args.parentId)
## If the parentId does not exist, this is a top-level event so use the process ID as the parentId
$util.qr($ctx.args.put("parentId", $ctx.args.eventProcessId))
#end
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.id, $util.autoId())),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type),
},
"attributeValues": $util.dynamodb.toMapValuesJson($context.args)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiCreateSiteFunctionF060B572": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Create a site",
"FunctionVersion": "2018-05-29",
"Name": "CreateSiteFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Check duplication
#set ($duplicated = $ctx.prev.result.items)
#if ($duplicated.size() > 0)
#if ($ctx.args.rootCause)
$util.error("Same root cause already exists.", "DataDuplicatedError")
#else
$util.error("Same name already exists.", "DataDuplicatedError")
#end
#end
## Check validation
#if ($ctx.args.sms)
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email)
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set default values
$util.qr($ctx.args.put("version", $util.defaultIfNull($ctx.args.version, 1)))
$util.qr($ctx.args.put("createdAt", $util.defaultIfNull($ctx.args.createdAt, $util.time.nowISO8601())))
$util.qr($ctx.args.put("updatedAt", $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601())))
#if ($ctx.args.type == "AREA")
$util.qr($ctx.args.put("parentId", $ctx.args.areaSiteId))
#end
#if ($ctx.args.type == "STATION")
$util.qr($ctx.args.put("parentId", $ctx.args.stationAreaId))
#end
#if ($ctx.args.type == "DEVICE")
$util.qr($ctx.args.put("parentId", $ctx.args.deviceStationId))
#end
#if ($ctx.args.type == "PROCESS")
$util.qr($ctx.args.put("parentId", $ctx.args.processAreaId))
#end
#if ($ctx.args.type == "EVENT")
#if ( ! $ctx.args.parentId)
## If the parentId does not exist, this is a top-level event so use the process ID as the parentId
$util.qr($ctx.args.put("parentId", $ctx.args.eventProcessId))
#end
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.id, $util.autoId())),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type),
},
"attributeValues": $util.dynamodb.toMapValuesJson($context.args)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiCreateStationFunctionD8D62CDE": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Create a station",
"FunctionVersion": "2018-05-29",
"Name": "CreateStationFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Check duplication
#set ($duplicated = $ctx.prev.result.items)
#if ($duplicated.size() > 0)
#if ($ctx.args.rootCause)
$util.error("Same root cause already exists.", "DataDuplicatedError")
#else
$util.error("Same name already exists.", "DataDuplicatedError")
#end
#end
## Check validation
#if ($ctx.args.sms)
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email)
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set default values
$util.qr($ctx.args.put("version", $util.defaultIfNull($ctx.args.version, 1)))
$util.qr($ctx.args.put("createdAt", $util.defaultIfNull($ctx.args.createdAt, $util.time.nowISO8601())))
$util.qr($ctx.args.put("updatedAt", $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601())))
#if ($ctx.args.type == "AREA")
$util.qr($ctx.args.put("parentId", $ctx.args.areaSiteId))
#end
#if ($ctx.args.type == "STATION")
$util.qr($ctx.args.put("parentId", $ctx.args.stationAreaId))
#end
#if ($ctx.args.type == "DEVICE")
$util.qr($ctx.args.put("parentId", $ctx.args.deviceStationId))
#end
#if ($ctx.args.type == "PROCESS")
$util.qr($ctx.args.put("parentId", $ctx.args.processAreaId))
#end
#if ($ctx.args.type == "EVENT")
#if ( ! $ctx.args.parentId)
## If the parentId does not exist, this is a top-level event so use the process ID as the parentId
$util.qr($ctx.args.put("parentId", $ctx.args.eventProcessId))
#end
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.id, $util.autoId())),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type),
},
"attributeValues": $util.dynamodb.toMapValuesJson($context.args)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiDeleteEventFunction3DCD97F3": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Delete an event",
"FunctionVersion": "2018-05-29",
"Name": "DeleteEventFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiDevicestationResolver3267F4F8": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "station",
"Kind": "UNIT",
"RequestMappingTemplate": "{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.source.deviceStationId, "___xamznone____")),
"type": $util.dynamodb.toDynamoDBJson("STATION")
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Device",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiEventprocessResolverC1401238": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "process",
"Kind": "UNIT",
"RequestMappingTemplate": "{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.source.eventProcessId, "___xamznone____")),
"type": $util.dynamodb.toDynamoDBJson("PROCESS")
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Event",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get permissions for an associate group user",
"FunctionVersion": "2018-05-29",
"Name": "GetPermissionsForAssociateGroupUserFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
## If the request is to get a site, an area, a station, or a process, only AdminGroup can access the data.
## The other case would be getting a user permission by every group users.
#if ($ctx.args.id)
## For 'getEvent' and 'getPermission', do not restrict to only the AdminGroup
#if ($ctx.info.fieldName != "getEvent" && $ctx.info.fieldName != "getPermission")
#set ($allowedGroups = ["AdminGroup"])
#end
#end
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## If it needs to get permission, and the user is only in AssociateGroup, get permission.
#if ($ctx.stash.permissionCheck)
#if ($userGroups.size() == 1 && $userGroups.contains("AssociateGroup"))
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": { "S": "$ctx.identity.sub" },
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
}
}
#else
#return({})
#end
#else
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}
#end",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiHandleEventSNSFunctionAD00A5A7": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVALambdaDataSource3AD4F63E",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVALambdaDataSource",
"Description": "Manages SNS Subscriptions to the main AVA Topic",
"FunctionVersion": "2018-05-29",
"Name": "HandleEventSnsFunction",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiIssueDataSourceFCF50787": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DynamoDBConfig": {
"AwsRegion": {
"Ref": "AWS::Region",
},
"TableName": {
"Ref": "AVAIssuesTable",
},
},
"Name": "IssueDataSource",
"ServiceRoleArn": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiIssueDataSourceServiceRole7CFC1804",
"Arn",
],
},
"Type": "AMAZON_DYNAMODB",
},
"Type": "AWS::AppSync::DataSource",
},
"BackEndAppSyncApiGraphqlApiIssueDataSourceServiceRole7CFC1804": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndAppSyncApiGraphqlApiIssueDataSourceServiceRoleDefaultPolicy1F51834A": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:Scan",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"AVAIssuesTable",
"Arn",
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVAIssuesTable",
"Arn",
],
},
"/index/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndAppSyncApiGraphqlApiIssueDataSourceServiceRoleDefaultPolicy1F51834A",
"Roles": [
{
"Ref": "BackEndAppSyncApiGraphqlApiIssueDataSourceServiceRole7CFC1804",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndAppSyncApiGraphqlApiListAreasFunctionE2DF0F8E": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get areas",
"FunctionVersion": "2018-05-29",
"Name": "ListAreasFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("AREA"),
":parent": $util.dynamodb.toDynamoDBJson($ctx.args.areaSiteId)
},
"expression": "#type = :type and #parent = :parent"
},
#if( $context.args.name )
"filter": {
"expression" : "#name = :name",
"expressionNames" : {
"#name" : "name"
},
"expressionValues" : {
":name" : { "S" : "$ctx.args.name" }
}
},
#end
"index": "ByTypeAndParent-index",
#if ($ctx.args.nextToken)
"nextToken": "$ctx.args.nextToken",
#end
"limit": $util.defaultIfNull($ctx.args.limit, 50)
}
",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListDevicesFunction24215504": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get devices",
"FunctionVersion": "2018-05-29",
"Name": "ListDevicesFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expression": "#type = :type and #parent = :parent",
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("DEVICE"),
":parent": $util.dynamodb.toDynamoDBJson($ctx.args.deviceStationId)
},
},
#if( $context.args.name )
"filter": {
"expression" : "#name = :name",
"expressionNames" : {
"#name" : "name"
},
"expressionValues" : {
":name" : { "S" : "$ctx.args.name" }
}
},
#end
"index": "ByTypeAndParent-index",
#if( $ctx.args.nextToken )
"nextToken": "$ctx.args.nextToken",
#end
"limit": $util.defaultIfNull($ctx.args.limit, 50)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListEventsFunctionFCC0D3A2": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get events",
"FunctionVersion": "2018-05-29",
"Name": "ListEventsFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expressionNames": {
"#type": "type",
#if( $context.args.parentId ) "#parent": "parentId" #end
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("EVENT"),
#if( $context.args.parentId ) ":parent": $util.dynamodb.toDynamoDBJson($ctx.args.parentId) #end
},
"expression": "#type = :type #if( $context.args.parentId ) and #parent = :parent #end"
},
#if( $context.args.name || $context.args.eventProcessId )
"filter": {
#if( $context.args.name && $context.args.eventProcessId )
"expression" : "#name = :name and #process = :process",
#elseif( $context.args.name )
"expression" : "#name = :name",
#else
"expression" : "#process = :process",
#end
"expressionNames" : {
#if( $context.args.name ) "#name" : "name", #end
#if( $context.args.eventProcessId ) "#process" : "eventProcessId", #end
},
"expressionValues" : {
#if( $context.args.name ) ":name" : { "S" : "$ctx.args.name" }, #end
#if( $context.args.eventProcessId ) ":process" : { "S" : "$ctx.args.eventProcessId" }, #end
}
},
#end
"index": "ByTypeAndParent-index",
#if ($ctx.args.nextToken)
"nextToken": "$ctx.args.nextToken",
#end
"limit": $util.defaultIfNull($ctx.args.limit, 20)
}
",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListIssuesByDeviceFunction70D8CF1D": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiIssueDataSourceFCF50787",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "IssueDataSource",
"Description": "Get issues by device",
"FunctionVersion": "2018-05-29",
"Name": "ListIssuesByDeviceFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## [Start] Set query expression for @key **
#set( $modelQueryExpression = {} )
## [Start] Validate key arguments. **
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && $util.isNullOrBlank($ctx.args.siteName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated' you must also provide 'siteName'.", "InvalidArgumentsError")
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) )
#set( $sortKeyArgumentOperations = $ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.keySet() )
#if( $sortKeyArgumentOperations.size() > 1 )
$util.error("Argument areaNameStatusProcessNameStationNameDeviceNameCreated must specify at most one key condition operation.", "InvalidArgumentsError")
#end
#foreach( $operation in $sortKeyArgumentOperations )
#if( $operation == "between" )
#if( $ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between.size() != 2 )
$util.error("Argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between' expects exactly two elements.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].created) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].deviceName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].created' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].deviceName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].created) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].deviceName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].created' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].deviceName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].deviceName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].stationName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].deviceName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].stationName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].deviceName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].stationName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].deviceName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].stationName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].stationName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].processName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].stationName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].processName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].stationName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].processName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].stationName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].processName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].processName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].status) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].processName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].status'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].processName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].status) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].processName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].status'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].status) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].areaName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].status' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].areaName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].status) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].areaName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].status' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].areaName'.", "InvalidArgumentsError")
#end
#else
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").created) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").deviceName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.created' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.deviceName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").deviceName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").stationName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.deviceName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.stationName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").stationName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").processName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.stationName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.processName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").processName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").status) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.processName' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.status'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").status) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.get("$operation").areaName) )
$util.error("When providing argument 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.status' you must also provide 'areaNameStatusProcessNameStationNameDeviceNameCreated.$operation.areaName'.", "InvalidArgumentsError")
#end
#end
#end
#end
## [End] Validate key arguments. **
#if( !$util.isNull($ctx.args.siteName) )
#set( $modelQueryExpression.expression = "#siteName = :siteName" )
#set( $modelQueryExpression.expressionNames = {
"#siteName": "siteName"
} )
#set( $modelQueryExpression.expressionValues = {
":siteName": {
"S": "$ctx.args.siteName"
}
} )
#end
## [Start] Applying Key Condition **
#set( $sortKeyValue = "" )
#set( $sortKeyValue2 = "" )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.beginsWith.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND begins_with(#sortKey, :sortKey)" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between) )
#if( $ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between.size() != 2 )
$util.error("Argument areaNameStatusProcessNameStationNameDeviceNameCreated.between expects exactly 2 elements.")
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[0].created" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].areaName) ) #set( $sortKeyValue2 = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].status) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].processName) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].stationName) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].deviceName) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].created) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.between[1].created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey BETWEEN :sortKey0 AND :sortKey1" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey0", { "S": "$sortKeyValue" }))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey1", { "S": "$sortKeyValue2" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.eq.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey = :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.lt.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey < :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.le.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey <= :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.gt.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey > :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameStationNameDeviceNameCreated.ge.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey >= :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
## [End] Applying Key Condition **
## [End] Set query expression for @key **
#set( $limit = $util.defaultIfNull($context.args.limit, 10) )
#set( $QueryRequest = {
"version": "2017-02-28",
"operation": "Query",
"limit": $limit,
"query": $modelQueryExpression,
"index": "ByDevice-index"
} )
#if( !$util.isNull($ctx.args.sortDirection)
&& $ctx.args.sortDirection == "DESC" )
#set( $QueryRequest.scanIndexForward = false )
#else
#set( $QueryRequest.scanIndexForward = true )
#end
#if( $context.args.nextToken ) #set( $QueryRequest.nextToken = "$context.args.nextToken" ) #end
#if( $context.args.filter ) #set( $QueryRequest.filter = $util.parseJson("$util.transform.toDynamoDBFilterExpression($ctx.args.filter)") ) #end
$util.toJson($QueryRequest)",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListProcessesFunction8D6BC2E6": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get processes",
"FunctionVersion": "2018-05-29",
"Name": "ListProcessesFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("PROCESS"),
":parent": $util.dynamodb.toDynamoDBJson($ctx.args.processAreaId)
},
"expression": "#type = :type and #parent = :parent"
},
#if( $context.args.name )
"filter": {
"expression" : "#name = :name",
"expressionNames" : {
"#name" : "name"
},
"expressionValues" : {
":name" : { "S" : "$ctx.args.name" }
}
},
#end
"index": "ByTypeAndParent-index",
#if ($ctx.args.nextToken)
"nextToken": "$ctx.args.nextToken",
#end
"limit": $util.defaultIfNull($ctx.args.limit, 20)
}
",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListRootCausesByNameFunction6C7CBCCF": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get root causes",
"FunctionVersion": "2018-05-29",
"Name": "ListRootCausesByNameFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"index": "ByTypeAndName-index",
"query": {
"expression": "#type = :type and #name = :name",
"expressionNames": {
"#type": "type",
"#name": "name"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("ROOT_CAUSE"),
":name": $util.dynamodb.toDynamoDBJson($ctx.args.name)
}
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListSitesByNameFunction6CCEE428": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get sites by name",
"FunctionVersion": "2018-05-29",
"Name": "ListSitesByNameFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"index": "ByTypeAndName-index",
"limit": $util.defaultIfNull($ctx.args.limit, 50),
#if( $ctx.args.nextToken )
"nextToken": "$ctx.args.nextToken",
#end
"query": {
"expression": "#type = :type AND #name = :name",
"expressionNames": {
"#type": "type",
"#name": "name"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("SITE"),
":name": $util.dynamodb.toDynamoDBJson($ctx.args.name)
}
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListSitesFunction9A55BE6D": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get sites",
"FunctionVersion": "2018-05-29",
"Name": "ListSitesFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"index": "ByTypeAndName-index",
"limit": $util.defaultIfNull($ctx.args.limit, 50),
#if( $ctx.args.nextToken )
"nextToken": "$ctx.args.nextToken",
#end
"query": {
"expression": "#type = :type",
"expressionNames": {
"#type": "type"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("SITE")
}
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiListStationsFunctionCB1BAC37": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Get stations",
"FunctionVersion": "2018-05-29",
"Name": "ListStationsFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("STATION"),
":parent": $util.dynamodb.toDynamoDBJson($ctx.args.stationAreaId)
},
"expression": "#type = :type and #parent = :parent"
},
#if( $context.args.name )
"filter": {
"expression" : "#name = :name",
"expressionNames" : {
"#name" : "name"
},
"expressionValues" : {
":name" : { "S" : "$ctx.args.name" }
}
},
#end
"index": "ByTypeAndParent-index",
#if ($ctx.args.nextToken)
"nextToken": "$ctx.args.nextToken",
#end
"limit": $util.defaultIfNull($ctx.args.limit, 20)
}
",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApiMutationcreateAreaResolver615F7EAD": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "createArea",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListAreasFunctionE2DF0F8E",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiCreateAreaFunction51930F3C",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationcreateDeviceResolverB019C2E8": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "createDevice",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListDevicesFunction24215504",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiCreateDeviceFunction54EDCF53",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationcreateEventResolver71AF028A": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "createEvent",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListEventsFunctionFCC0D3A2",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiCreateEventFunction050BFFAF",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiHandleEventSNSFunctionAD00A5A7",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationcreateIssueResolver582F69D8": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiIssueDataSourceFCF50787",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "IssueDataSource",
"FieldName": "createIssue",
"Kind": "UNIT",
"RequestMappingTemplate": "## [Start] Determine request authentication mode **
#if( $util.isNullOrEmpty($authMode) && !$util.isNull($ctx.identity) && !$util.isNull($ctx.identity.sub) && !$util.isNull($ctx.identity.issuer) && !$util.isNull($ctx.identity.username) && !$util.isNull($ctx.identity.claims) && !$util.isNull($ctx.identity.sourceIp) && !$util.isNull($ctx.identity.defaultAuthStrategy) )
#set( $authMode = "userPools" )
#end
## [End] Determine request authentication mode **
## [Start] Check authMode and execute owner/group checks **
#if( $authMode == "userPools" )
## [Start] Static Group Authorization Checks **
#set($isStaticGroupAuthorized = $util.defaultIfNull(
$isStaticGroupAuthorized, false))
## Authorization rule: { allow: groups, groups: ["AdminGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["AdminGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## Authorization rule: { allow: groups, groups: ["ManagerGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["ManagerGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## Authorization rule: { allow: groups, groups: ["AssociateGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["AssociateGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## Authorization rule: { allow: groups, groups: ["EngineerGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["EngineerGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## [End] Static Group Authorization Checks **
## No Dynamic Group Authorization Rules **
## No Owner Authorization Rules **
## [Start] Throw if unauthorized **
#if( !($isStaticGroupAuthorized == true || $isDynamicGroupAuthorized == true || $isOwnerAuthorized == true) )
$util.unauthorized()
#end
## [End] Throw if unauthorized **
#end
## [End] Check authMode and execute owner/group checks **
#if( $util.isNull($dynamodbNameOverrideMap) )
#set( $dynamodbNameOverrideMap = {
"areaName#status#processName#stationName#deviceName#created": "areaNameStatusProcessNameStationNameDeviceNameCreated"
} )
#else
$util.qr($dynamodbNameOverrideMap.put("areaName#status#processName#stationName#deviceName#created", "areaNameStatusProcessNameStationNameDeviceNameCreated"))
#end
$util.qr($ctx.args.input.put("areaName#status#processName#stationName#deviceName#created","\${ctx.args.input.areaName}#\${ctx.args.input.status}#\${ctx.args.input.processName}#\${ctx.args.input.stationName}#\${ctx.args.input.deviceName}#\${ctx.args.input.created}"))
#if( $util.isNull($dynamodbNameOverrideMap) )
#set( $dynamodbNameOverrideMap = {
"areaName#status#processName#eventDescription#stationName#deviceName#created": "areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated"
} )
#else
$util.qr($dynamodbNameOverrideMap.put("areaName#status#processName#eventDescription#stationName#deviceName#created", "areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated"))
#end
$util.qr($ctx.args.input.put("areaName#status#processName#eventDescription#stationName#deviceName#created","\${ctx.args.input.areaName}#\${ctx.args.input.status}#\${ctx.args.input.processName}#\${ctx.args.input.eventDescription}#\${ctx.args.input.stationName}#\${ctx.args.input.deviceName}#\${ctx.args.input.created}"))
## [Start] Set the primary @key. **
#set( $modelObjectKey = {
"id": $util.dynamodb.toDynamoDB($ctx.args.input.id)
} )
## [End] Set the primary @key. **
## [Start] Setting "version" to 1. **
$util.qr($ctx.args.input.put("version", 1))
## [End] Setting "version" to 1. **
## [Start] Prepare DynamoDB PutItem Request. **
$util.qr($context.args.input.put("createdDateUtc", $util.defaultIfNull($ctx.args.createdDateUtc, $util.time.nowFormatted("yyyy-MM-dd", "+00:00"))))
$util.qr($context.args.input.put("createdAt", $util.defaultIfNull($ctx.args.input.createdAt, $util.time.nowISO8601())))
$util.qr($context.args.input.put("updatedAt", $util.defaultIfNull($ctx.args.input.updatedAt, $util.time.nowISO8601())))
$util.qr($context.args.input.put("deviceName#eventId", "\${ctx.args.input.deviceName}#\${ctx.args.input.eventId}"))
#set( $condition = {
"expression": "attribute_not_exists(#id)",
"expressionNames": {
"#id": "id"
}
} )
#if( $context.args.condition )
#set( $condition.expressionValues = {} )
#set( $conditionFilterExpressions = $util.parseJson($util.transform.toDynamoDBConditionExpression($context.args.condition)) )
$util.qr($condition.put("expression", "($condition.expression) AND $conditionFilterExpressions.expression"))
$util.qr($condition.expressionNames.putAll($conditionFilterExpressions.expressionNames))
$util.qr($condition.expressionValues.putAll($conditionFilterExpressions.expressionValues))
#end
#if( $condition.expressionValues && $condition.expressionValues.size() == 0 )
#set( $condition = {
"expression": $condition.expression,
"expressionNames": $condition.expressionNames
} )
#end
{
"version": "2017-02-28",
"operation": "PutItem",
"key": #if( $modelObjectKey ) $util.toJson($modelObjectKey) #else {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.args.input.id, $util.autoId()))
} #end,
"attributeValues": $util.dynamodb.toMapValuesJson($context.args.input),
"condition": $util.toJson($condition)
}
## [End] Prepare DynamoDB PutItem Request. **",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationcreateProcessResolver8A885B44": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "createProcess",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListProcessesFunction8D6BC2E6",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiCreateProcessFunction78464955",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationcreateRootCauseResolverA5C67D9B": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "createRootCause",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListRootCausesByNameFunction6C7CBCCF",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiCreateRootCauseFunction8DA11CA2",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationcreateSiteResolver4D8DB703": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "createSite",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListSitesByNameFunction6CCEE428",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiCreateSiteFunctionF060B572",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationcreateStationResolverF8B05E94": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "createStation",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListStationsFunctionCB1BAC37",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiCreateStationFunctionD8D62CDE",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeleteAreaResolverA67335AD": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "deleteArea",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeleteDeviceResolver6BC2AAEC": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "deleteDevice",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeleteEventResolver1A26DF69": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "deleteEvent",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiDeleteEventFunction3DCD97F3",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiHandleEventSNSFunctionAD00A5A7",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeletePermissionResolver7D915AAA": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "deletePermission",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeleteProcessResolver135199C4": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "deleteProcess",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeleteRootCauseResolverF760E092": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "deleteRootCause",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeleteSiteResolverF65D4844": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "deleteSite",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationdeleteStationResolver97CE8942": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "deleteStation",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "DeleteItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationputPermissionResolverF568B519": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "putPermission",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## Set parentId
$util.qr($context.args.input.put("parentId", "NONE"))
## Set updatedAt
$util.qr($context.args.input.put("updatedAt", $util.defaultIfNull($ctx.args.input.updatedAt, $util.time.nowISO8601())))
{
"version": "2017-02-28",
"operation": "PutItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.input.id),
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
},
"attributeValues": $util.dynamodb.toMapValuesJson($ctx.args.input)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationupdateEventResolver0BE2701D": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "updateEvent",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiUpdateEventFunction0D934029",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiHandleEventSNSFunctionAD00A5A7",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiMutationupdateIssueResolverB9099D2D": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiIssueDataSourceFCF50787",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "IssueDataSource",
"FieldName": "updateIssue",
"Kind": "UNIT",
"RequestMappingTemplate": "## [Start] Determine request authentication mode **
#if( $util.isNullOrEmpty($authMode) && !$util.isNull($ctx.identity) && !$util.isNull($ctx.identity.sub) && !$util.isNull($ctx.identity.issuer) && !$util.isNull($ctx.identity.username) && !$util.isNull($ctx.identity.claims) && !$util.isNull($ctx.identity.sourceIp) && !$util.isNull($ctx.identity.defaultAuthStrategy) )
#set( $authMode = "userPools" )
#end
## [End] Determine request authentication mode **
## [Start] Check authMode and execute owner/group checks **
#if( $authMode == "userPools" )
## [Start] Static Group Authorization Checks **
#set($isStaticGroupAuthorized = $util.defaultIfNull(
$isStaticGroupAuthorized, false))
## Authorization rule: { allow: groups, groups: ["AdminGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["AdminGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## Authorization rule: { allow: groups, groups: ["ManagerGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["ManagerGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## Authorization rule: { allow: groups, groups: ["AssociateGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["AssociateGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## Authorization rule: { allow: groups, groups: ["EngineerGroup"], groupClaim: "cognito:groups" } **
#set( $userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []) )
#set( $allowedGroups = ["EngineerGroup"] )
#foreach( $userGroup in $userGroups )
#if( $allowedGroups.contains($userGroup) )
#set( $isStaticGroupAuthorized = true )
#break
#end
#end
## [End] Static Group Authorization Checks **
#if( ! $isStaticGroupAuthorized )
## No dynamic group authorization rules **
## No owner authorization rules **
## [Start] Collect Auth Condition **
#set( $authCondition = $util.defaultIfNull($authCondition, {
"expression": "",
"expressionNames": {},
"expressionValues": {}
}) )
#set( $totalAuthExpression = "" )
## Add dynamic group auth conditions if they exist **
#if( $groupAuthExpressions )
#foreach( $authExpr in $groupAuthExpressions )
#set( $totalAuthExpression = "$totalAuthExpression $authExpr" )
#if( $foreach.hasNext )
#set( $totalAuthExpression = "$totalAuthExpression OR" )
#end
#end
#end
#if( $groupAuthExpressionNames )
$util.qr($authCondition.expressionNames.putAll($groupAuthExpressionNames))
#end
#if( $groupAuthExpressionValues )
$util.qr($authCondition.expressionValues.putAll($groupAuthExpressionValues))
#end
## Add owner auth conditions if they exist **
#if( $totalAuthExpression != "" && $ownerAuthExpressions && $ownerAuthExpressions.size() > 0 )
#set( $totalAuthExpression = "$totalAuthExpression OR" )
#end
#if( $ownerAuthExpressions )
#foreach( $authExpr in $ownerAuthExpressions )
#set( $totalAuthExpression = "$totalAuthExpression $authExpr" )
#if( $foreach.hasNext )
#set( $totalAuthExpression = "$totalAuthExpression OR" )
#end
#end
#end
#if( $ownerAuthExpressionNames )
$util.qr($authCondition.expressionNames.putAll($ownerAuthExpressionNames))
#end
#if( $ownerAuthExpressionValues )
$util.qr($authCondition.expressionValues.putAll($ownerAuthExpressionValues))
#end
## Set final expression if it has changed. **
#if( $totalAuthExpression != "" )
#if( $util.isNullOrEmpty($authCondition.expression) )
#set( $authCondition.expression = "($totalAuthExpression)" )
#else
#set( $authCondition.expression = "$authCondition.expression AND ($totalAuthExpression)" )
#end
#end
## [End] Collect Auth Condition **
#end
## [Start] Throw if unauthorized **
#if( !($isStaticGroupAuthorized == true || ($totalAuthExpression != "")) )
$util.unauthorized()
#end
## [End] Throw if unauthorized **
#end
## [End] Check authMode and execute owner/group checks **
## [Start] Validate update mutation for @key 'ByDevice'. **
#set( $hasSeenSomeKeyArg = false )
#set( $keyFieldNames = ["areaName", "status", "processName", "stationName", "deviceName", "created"] )
#foreach( $keyFieldName in $keyFieldNames )
#if( $ctx.args.input.containsKey("$keyFieldName") ) #set( $hasSeenSomeKeyArg = true ) #end
#end
#foreach( $keyFieldName in $keyFieldNames )
#if( $hasSeenSomeKeyArg && !$ctx.args.input.containsKey("$keyFieldName") )
$util.error("When updating any part of the composite sort key for @key 'ByDevice', you must provide all fields for the key. Missing key: '$keyFieldName'.")
#end
#end
## [End] Validate update mutation for @key 'ByDevice'. **
#if( $util.isNull($dynamodbNameOverrideMap) )
#set( $dynamodbNameOverrideMap = {
"areaName#status#processName#stationName#deviceName#created": "areaNameStatusProcessNameStationNameDeviceNameCreated"
} )
#else
$util.qr($dynamodbNameOverrideMap.put("areaName#status#processName#stationName#deviceName#created", "areaNameStatusProcessNameStationNameDeviceNameCreated"))
#end
$util.qr($ctx.args.input.put("areaName#status#processName#stationName#deviceName#created","\${ctx.args.input.areaName}#\${ctx.args.input.status}#\${ctx.args.input.processName}#\${ctx.args.input.stationName}#\${ctx.args.input.deviceName}#\${ctx.args.input.created}"))
## [Start] Validate update mutation for @key 'BySiteAreaStatus'. **
#set( $hasSeenSomeKeyArg = false )
#set( $keyFieldNames = ["areaName", "status", "processName", "eventDescription", "stationName", "deviceName", "created"] )
#foreach( $keyFieldName in $keyFieldNames )
#if( $ctx.args.input.containsKey("$keyFieldName") ) #set( $hasSeenSomeKeyArg = true ) #end
#end
#foreach( $keyFieldName in $keyFieldNames )
#if( $hasSeenSomeKeyArg && !$ctx.args.input.containsKey("$keyFieldName") )
$util.error("When updating any part of the composite sort key for @key 'BySiteAreaStatus', you must provide all fields for the key. Missing key: '$keyFieldName'.")
#end
#end
## [End] Validate update mutation for @key 'BySiteAreaStatus'. **
#if( $util.isNull($dynamodbNameOverrideMap) )
#set( $dynamodbNameOverrideMap = {
"areaName#status#processName#eventDescription#stationName#deviceName#created": "areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated"
} )
#else
$util.qr($dynamodbNameOverrideMap.put("areaName#status#processName#eventDescription#stationName#deviceName#created", "areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated"))
#end
$util.qr($ctx.args.input.put("areaName#status#processName#eventDescription#stationName#deviceName#created","\${ctx.args.input.areaName}#\${ctx.args.input.status}#\${ctx.args.input.processName}#\${ctx.args.input.eventDescription}#\${ctx.args.input.stationName}#\${ctx.args.input.deviceName}#\${ctx.args.input.created}"))
## [Start] Set the primary @key. **
#set( $modelObjectKey = {
"id": $util.dynamodb.toDynamoDB($ctx.args.input.id)
} )
## [End] Set the primary @key. **
## [Start] Inject @versioned condition.. **
#set( $versionedCondition = {
"expression": "#version = :expectedVersion",
"expressionValues": {
":expectedVersion": $util.dynamodb.toDynamoDB($ctx.args.input.expectedVersion)
},
"expressionNames": {
"#version": "version"
}
} )
#set( $newVersion = $ctx.args.input.expectedVersion + 1 )
$util.qr($ctx.args.input.put("version", $newVersion))
$util.qr($ctx.args.input.remove("expectedVersion"))
## [End] Inject @versioned condition.. **
#if( $authCondition && $authCondition.expression != "" )
#set( $condition = $authCondition )
#if( $modelObjectKey )
#foreach( $entry in $modelObjectKey.entrySet() )
$util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#keyCondition$velocityCount)"))
$util.qr($condition.expressionNames.put("#keyCondition$velocityCount", "$entry.key"))
#end
#else
$util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#id)"))
$util.qr($condition.expressionNames.put("#id", "id"))
#end
#else
#if( $modelObjectKey )
#set( $condition = {
"expression": "",
"expressionNames": {},
"expressionValues": {}
} )
#foreach( $entry in $modelObjectKey.entrySet() )
#if( $velocityCount == 1 )
$util.qr($condition.put("expression", "attribute_exists(#keyCondition$velocityCount)"))
#else
$util.qr($condition.put("expression", "$condition.expression AND attribute_exists(#keyCondition$velocityCount)"))
#end
$util.qr($condition.expressionNames.put("#keyCondition$velocityCount", "$entry.key"))
#end
#else
#set( $condition = {
"expression": "attribute_exists(#id)",
"expressionNames": {
"#id": "id"
},
"expressionValues": {}
} )
#end
#end
## Automatically set the updatedAt timestamp. **
$util.qr($context.args.input.put("updatedAt", $util.defaultIfNull($ctx.args.input.updatedAt, $util.time.nowISO8601())))
## Update condition if type is @versioned **
#if( $versionedCondition )
$util.qr($condition.put("expression", "($condition.expression) AND $versionedCondition.expression"))
$util.qr($condition.expressionNames.putAll($versionedCondition.expressionNames))
$util.qr($condition.expressionValues.putAll($versionedCondition.expressionValues))
#end
#if( $context.args.condition )
#set( $conditionFilterExpressions = $util.parseJson($util.transform.toDynamoDBConditionExpression($context.args.condition)) )
$util.qr($condition.put("expression", "($condition.expression) AND $conditionFilterExpressions.expression"))
$util.qr($condition.expressionNames.putAll($conditionFilterExpressions.expressionNames))
$util.qr($condition.expressionValues.putAll($conditionFilterExpressions.expressionValues))
#end
#if( $condition.expressionValues && $condition.expressionValues.size() == 0 )
#set( $condition = {
"expression": $condition.expression,
"expressionNames": $condition.expressionNames
} )
#end
#set( $expNames = {} )
#set( $expValues = {} )
#set( $expSet = {} )
#set( $expAdd = {} )
#set( $expRemove = [] )
#if( $modelObjectKey )
#set( $keyFields = [] )
#foreach( $entry in $modelObjectKey.entrySet() )
$util.qr($keyFields.add("$entry.key"))
#end
#else
#set( $keyFields = ["id"] )
#end
#foreach( $entry in $util.map.copyAndRemoveAllKeys($context.args.input, $keyFields).entrySet() )
#if( !$util.isNull($dynamodbNameOverrideMap) && $dynamodbNameOverrideMap.containsKey("$entry.key") )
#set( $entryKeyAttributeName = $dynamodbNameOverrideMap.get("$entry.key") )
#else
#set( $entryKeyAttributeName = $entry.key )
#end
#if( $util.isNull($entry.value) )
#set( $discard = $expRemove.add("#$entryKeyAttributeName") )
$util.qr($expNames.put("#$entryKeyAttributeName", "$entry.key"))
#else
$util.qr($expSet.put("#$entryKeyAttributeName", ":$entryKeyAttributeName"))
$util.qr($expNames.put("#$entryKeyAttributeName", "$entry.key"))
$util.qr($expValues.put(":$entryKeyAttributeName", $util.dynamodb.toDynamoDB($entry.value)))
#end
#end
#set( $expression = "" )
#if( !$expSet.isEmpty() )
#set( $expression = "SET" )
#foreach( $entry in $expSet.entrySet() )
#set( $expression = "$expression $entry.key = $entry.value" )
#if( $foreach.hasNext() )
#set( $expression = "$expression," )
#end
#end
#end
#if( !$expAdd.isEmpty() )
#set( $expression = "$expression ADD" )
#foreach( $entry in $expAdd.entrySet() )
#set( $expression = "$expression $entry.key $entry.value" )
#if( $foreach.hasNext() )
#set( $expression = "$expression," )
#end
#end
#end
#if( !$expRemove.isEmpty() )
#set( $expression = "$expression REMOVE" )
#foreach( $entry in $expRemove )
#set( $expression = "$expression $entry" )
#if( $foreach.hasNext() )
#set( $expression = "$expression," )
#end
#end
#end
#set( $update = {} )
$util.qr($update.put("expression", "$expression"))
#if( !$expNames.isEmpty() )
$util.qr($update.put("expressionNames", $expNames))
#end
#if( !$expValues.isEmpty() )
$util.qr($update.put("expressionValues", $expValues))
#end
{
"version": "2017-02-28",
"operation": "UpdateItem",
"key": #if( $modelObjectKey ) $util.toJson($modelObjectKey) #else {
"id": {
"S": "$context.args.input.id"
}
} #end,
"update": $util.toJson($update),
"condition": $util.toJson($condition)
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Mutation",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiNoneDataSource58DD79A0": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"Name": "NoneDataSource",
"Type": "NONE",
},
"Type": "AWS::AppSync::DataSource",
},
"BackEndAppSyncApiGraphqlApiProcessareaResolver27F9051F": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "area",
"Kind": "UNIT",
"RequestMappingTemplate": "{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.source.processAreaId, "___xamznone____")),
"type": $util.dynamodb.toDynamoDBJson("AREA")
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Process",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiProcesseventResolverA1651E99": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "event",
"Kind": "UNIT",
"RequestMappingTemplate": "#set( $limit = $util.defaultIfNull($context.args.limit, 10) )
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("EVENT"),
":parent": $util.dynamodb.toDynamoDBJson($ctx.source.id)
},
"expression": "#type = :type and #parent = :parent"
},
"scanIndexForward": #if( $context.args.sortDirection )
#if( $context.args.sortDirection == "ASC" )
true
#else
false
#end
#else
true
#end,
"filter": #if( $context.args.filter )
$util.transform.toDynamoDBFilterExpression($ctx.args.filter)
#else
null
#end,
"limit": $limit,
"nextToken": #if( $context.args.nextToken )
"$context.args.nextToken"
#else
null
#end,
"index": "ByTypeAndParent-index"
}
",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Process",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerygetAreaResolver01B71D8A": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "getArea",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
## If the request is to get a site, an area, a station, or a process, only AdminGroup can access the data.
## The other case would be getting a user permission by every group users.
#if ($ctx.args.id)
## For 'getEvent' and 'getPermission', do not restrict to only the AdminGroup
#if ($ctx.info.fieldName != "getEvent" && $ctx.info.fieldName != "getPermission")
#set ($allowedGroups = ["AdminGroup"])
#end
#end
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## If it needs to get permission, and the user is only in AssociateGroup, get permission.
#if ($ctx.stash.permissionCheck)
#if ($userGroups.size() == 1 && $userGroups.contains("AssociateGroup"))
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": { "S": "$ctx.identity.sub" },
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
}
}
#else
#return({})
#end
#else
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}
#end",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerygetEventResolver6CA4F172": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "getEvent",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
## If the request is to get a site, an area, a station, or a process, only AdminGroup can access the data.
## The other case would be getting a user permission by every group users.
#if ($ctx.args.id)
## For 'getEvent' and 'getPermission', do not restrict to only the AdminGroup
#if ($ctx.info.fieldName != "getEvent" && $ctx.info.fieldName != "getPermission")
#set ($allowedGroups = ["AdminGroup"])
#end
#end
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## If it needs to get permission, and the user is only in AssociateGroup, get permission.
#if ($ctx.stash.permissionCheck)
#if ($userGroups.size() == 1 && $userGroups.contains("AssociateGroup"))
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": { "S": "$ctx.identity.sub" },
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
}
}
#else
#return({})
#end
#else
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}
#end",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerygetPermissionResolverC8D7313E": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "getPermission",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
## If the request is to get a site, an area, a station, or a process, only AdminGroup can access the data.
## The other case would be getting a user permission by every group users.
#if ($ctx.args.id)
## For 'getEvent' and 'getPermission', do not restrict to only the AdminGroup
#if ($ctx.info.fieldName != "getEvent" && $ctx.info.fieldName != "getPermission")
#set ($allowedGroups = ["AdminGroup"])
#end
#end
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## If it needs to get permission, and the user is only in AssociateGroup, get permission.
#if ($ctx.stash.permissionCheck)
#if ($userGroups.size() == 1 && $userGroups.contains("AssociateGroup"))
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": { "S": "$ctx.identity.sub" },
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
}
}
#else
#return({})
#end
#else
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}
#end",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerygetProcessResolverAEC5755C": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "getProcess",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
## If the request is to get a site, an area, a station, or a process, only AdminGroup can access the data.
## The other case would be getting a user permission by every group users.
#if ($ctx.args.id)
## For 'getEvent' and 'getPermission', do not restrict to only the AdminGroup
#if ($ctx.info.fieldName != "getEvent" && $ctx.info.fieldName != "getPermission")
#set ($allowedGroups = ["AdminGroup"])
#end
#end
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## If it needs to get permission, and the user is only in AssociateGroup, get permission.
#if ($ctx.stash.permissionCheck)
#if ($userGroups.size() == 1 && $userGroups.contains("AssociateGroup"))
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": { "S": "$ctx.identity.sub" },
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
}
}
#else
#return({})
#end
#else
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}
#end",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerygetSiteResolver58A3A49B": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "getSite",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
## If the request is to get a site, an area, a station, or a process, only AdminGroup can access the data.
## The other case would be getting a user permission by every group users.
#if ($ctx.args.id)
## For 'getEvent' and 'getPermission', do not restrict to only the AdminGroup
#if ($ctx.info.fieldName != "getEvent" && $ctx.info.fieldName != "getPermission")
#set ($allowedGroups = ["AdminGroup"])
#end
#end
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## If it needs to get permission, and the user is only in AssociateGroup, get permission.
#if ($ctx.stash.permissionCheck)
#if ($userGroups.size() == 1 && $userGroups.contains("AssociateGroup"))
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": { "S": "$ctx.identity.sub" },
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
}
}
#else
#return({})
#end
#else
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}
#end",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerygetStationResolver3D2A783F": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "getStation",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
## If the request is to get a site, an area, a station, or a process, only AdminGroup can access the data.
## The other case would be getting a user permission by every group users.
#if ($ctx.args.id)
## For 'getEvent' and 'getPermission', do not restrict to only the AdminGroup
#if ($ctx.info.fieldName != "getEvent" && $ctx.info.fieldName != "getPermission")
#set ($allowedGroups = ["AdminGroup"])
#end
#end
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## If it needs to get permission, and the user is only in AssociateGroup, get permission.
#if ($ctx.stash.permissionCheck)
#if ($userGroups.size() == 1 && $userGroups.contains("AssociateGroup"))
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": { "S": "$ctx.identity.sub" },
"type": $util.dynamodb.toDynamoDBJson("PERMISSION")
}
}
#else
#return({})
#end
#else
{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson($ctx.args.type)
}
}
#end",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQueryissuesByDeviceResolverA2CF0EDF": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "issuesByDevice",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListIssuesByDeviceFunction70D8CF1D",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "$util.qr($ctx.stash.put("permissionCheck", true))
$util.qr($ctx.stash.put("type", "issue"))
{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQueryissuesBySiteAreaStatusResolverDD3AA753": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiIssueDataSourceFCF50787",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "IssueDataSource",
"FieldName": "issuesBySiteAreaStatus",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
## [Start] Set query expression for @key **
#set( $modelQueryExpression = {} )
## [Start] Validate key arguments. **
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && $util.isNullOrBlank($ctx.args.siteName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated' you must also provide 'siteName'.", "InvalidArgumentsError")
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) )
#set( $sortKeyArgumentOperations = $ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.keySet() )
#if( $sortKeyArgumentOperations.size() > 1 )
$util.error("Argument areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated must specify at most one key condition operation.", "InvalidArgumentsError")
#end
#foreach( $operation in $sortKeyArgumentOperations )
#if( $operation == "between" )
#if( $ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between.size() != 2 )
$util.error("Argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between' expects exactly two elements.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].created) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].deviceName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].created' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].deviceName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].created) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].deviceName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].created' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].deviceName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].deviceName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].stationName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].deviceName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].stationName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].deviceName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].stationName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].deviceName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].stationName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].stationName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].eventDescription) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].stationName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].eventDescription'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].stationName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].eventDescription) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].stationName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].eventDescription'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].eventDescription) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].processName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].eventDescription' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].processName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].eventDescription) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].processName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].eventDescription' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].processName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].processName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].status) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].processName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].status'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].processName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].status) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].processName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].status'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].status) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].areaName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].status' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].areaName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].status) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].areaName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].status' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].areaName'.", "InvalidArgumentsError")
#end
#else
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").created) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").deviceName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.created' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.deviceName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").deviceName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").stationName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.deviceName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.stationName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").stationName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").eventDescription) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.stationName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.eventDescription'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").eventDescription) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").processName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.eventDescription' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.processName'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").processName) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").status) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.processName' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.status'.", "InvalidArgumentsError")
#end
#if( !$util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").status) && $util.isNullOrBlank($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.get("$operation").areaName) )
$util.error("When providing argument 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.status' you must also provide 'areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.$operation.areaName'.", "InvalidArgumentsError")
#end
#end
#end
#end
## [End] Validate key arguments. **
#if( !$util.isNull($ctx.args.siteName) )
#set( $modelQueryExpression.expression = "#siteName = :siteName" )
#set( $modelQueryExpression.expressionNames = {
"#siteName": "siteName"
} )
#set( $modelQueryExpression.expressionValues = {
":siteName": {
"S": "$ctx.args.siteName"
}
} )
#end
## [Start] Applying Key Condition **
#set( $sortKeyValue = "" )
#set( $sortKeyValue2 = "" )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith) && $ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.areaName != "all")
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.eventDescription) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.beginsWith.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND begins_with(#sortKey, :sortKey)" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#eventDescription#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between) )
#if( $ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between.size() != 2 )
$util.error("Argument areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between expects exactly 2 elements.")
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].eventDescription) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[0].created" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].areaName) ) #set( $sortKeyValue2 = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].status) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].processName) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].eventDescription) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].stationName) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].deviceName) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].created) ) #set( $sortKeyValue2 = "$sortKeyValue2#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.between[1].created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey BETWEEN :sortKey0 AND :sortKey1" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#eventDescription#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey0", { "S": "$sortKeyValue" }))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey1", { "S": "$sortKeyValue2" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.eventDescription) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.eq.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey = :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#eventDescription#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.eventDescription) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.lt.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey < :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#eventDescription#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.eventDescription) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.le.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey <= :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#eventDescription#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.eventDescription) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.gt.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey > :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#eventDescription#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated) && !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge) )
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.areaName) ) #set( $sortKeyValue = "$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.areaName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.status) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.status" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.processName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.processName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.eventDescription) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.eventDescription" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.stationName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.stationName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.deviceName) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.deviceName" ) #end
#if( !$util.isNull($ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.created) ) #set( $sortKeyValue = "$sortKeyValue#$ctx.args.areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated.ge.created" ) #end
#set( $modelQueryExpression.expression = "$modelQueryExpression.expression AND #sortKey >= :sortKey" )
$util.qr($modelQueryExpression.expressionNames.put("#sortKey", "areaName#status#processName#eventDescription#stationName#deviceName#created"))
$util.qr($modelQueryExpression.expressionValues.put(":sortKey", { "S": "$sortKeyValue" }))
#end
## [End] Applying Key Condition **
## [End] Set query expression for @key **
#set( $limit = $util.defaultIfNull($context.args.limit, 10) )
#set( $QueryRequest = {
"version": "2017-02-28",
"operation": "Query",
"limit": $limit,
"query": $modelQueryExpression,
"index": "BySiteAreaStatus-index"
} )
#if( !$util.isNull($ctx.args.sortDirection)
&& $ctx.args.sortDirection == "DESC" )
#set( $QueryRequest.scanIndexForward = false )
#else
#set( $QueryRequest.scanIndexForward = true )
#end
#if( $context.args.nextToken ) #set( $QueryRequest.nextToken = "$context.args.nextToken" ) #end
#if( $context.args.filter ) #set( $QueryRequest.filter = $util.parseJson("$util.transform.toDynamoDBFilterExpression($ctx.args.filter)") ) #end
$util.toJson($QueryRequest)",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistAreasResolver70007576": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "listAreas",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListAreasFunctionE2DF0F8E",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "$util.qr($ctx.stash.put("permissionCheck", true))
$util.qr($ctx.stash.put("type", "area"))
{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistDevicesResolverD3321F1D": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "listDevices",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListDevicesFunction24215504",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "$util.qr($ctx.stash.put("permissionCheck", true))
$util.qr($ctx.stash.put("type", "device"))
{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistEventsResolver9FDD8C0D": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "listEvents",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListEventsFunctionFCC0D3A2",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "$util.qr($ctx.stash.put("permissionCheck", true))
$util.qr($ctx.stash.put("type", "event"))
{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistPermissionsResolverEDC8BC66": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "listPermissions",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"index": "ByTypeAndParent-index",
"limit": $util.defaultIfNull($ctx.args.limit, 50),
#if( $ctx.args.nextToken )
"nextToken": "$ctx.args.nextToken",
#end
"query": {
"expression": "#type = :type and #parent = :parent",
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("PERMISSION"),
":parent": $util.dynamodb.toDynamoDBJson("NONE")
}
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistProcessesResolverAE2E31D1": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "listProcesses",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListProcessesFunction8D6BC2E6",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "$util.qr($ctx.stash.put("permissionCheck", true))
$util.qr($ctx.stash.put("type", "process"))
{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistRootCausesResolverED6C685C": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "listRootCauses",
"Kind": "UNIT",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
{
"version": "2017-02-28",
"operation": "Query",
"index": "ByTypeAndName-index",
"limit": $util.defaultIfNull($ctx.args.limit, 50),
#if( $ctx.args.nextToken )
"nextToken": "$ctx.args.nextToken",
#end
"query": {
"expression": "#type = :type",
"expressionNames": {
"#type": "type"
},
"expressionValues": {
":type": $util.dynamodb.toDynamoDBJson("ROOT_CAUSE")
}
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistSitesResolver692CDB80": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "listSites",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListSitesFunction9A55BE6D",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "$util.qr($ctx.stash.put("permissionCheck", true))
$util.qr($ctx.stash.put("type", "site"))
{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiQuerylistStationsResolver7D052C15": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"FieldName": "listStations",
"Kind": "PIPELINE",
"PipelineConfig": {
"Functions": [
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiGetPermissionsForAssociateGroupUserFunctionB66575E8",
"FunctionId",
],
},
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApiListStationsFunctionCB1BAC37",
"FunctionId",
],
},
],
},
"RequestMappingTemplate": "$util.qr($ctx.stash.put("permissionCheck", true))
$util.qr($ctx.stash.put("type", "station"))
{}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB.
$util.toJson($ctx.prev.result)",
"TypeName": "Query",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiSchema569E0B17": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"Definition": "# Schema
schema {
query: Query
mutation: Mutation
subscription: Subscription
}
# Types
type Query {
getSite(id: ID!, type: String!): Site @aws_auth(cognito_groups: ["AdminGroup"])
listSites(limit: Int, nextToken: String): SiteConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
getArea(id: ID!, type: String!): Area @aws_auth(cognito_groups: ["AdminGroup"])
listAreas(areaSiteId: ID!, name: String, limit: Int, nextToken: String): AreaConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
getProcess(id: ID!, type: String!): Process @aws_auth(cognito_groups: ["AdminGroup"])
listProcesses(processAreaId: ID!, name: String, limit: Int, nextToken: String): ProcessConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
getEvent(id: ID!, type: String!): Event @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
listEvents(parentId: ID, eventProcessId: ID, name: String, limit: Int, nextToken: String): EventConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
getStation(id: ID!, type: String!): Station @aws_auth(cognito_groups: ["AdminGroup"])
listStations(stationAreaId: ID!, name: String, limit: Int, nextToken: String): StationConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
listDevices(deviceStationId: ID!, name: String, limit: Int, nextToken: String): DeviceConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
issuesBySiteAreaStatus(
siteName: String,
areaNameStatusProcessNameEventDescriptionStationNameDeviceNameCreated: IssueBySiteAreaStatusCompositeKeyConditionInput,
filter: IssueFilterInput,
limit: Int,
nextToken: String
): IssueConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup"])
issuesByDevice(
siteName: String,
areaNameStatusProcessNameStationNameDeviceNameCreated: IssueByDeviceCompositeKeyConditionInput,
limit: Int,
nextToken: String
): IssueConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
getPermission(id: ID!, type: String!): Permission @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
listPermissions(limit: Int, nextToken: String): PermissionConnection @aws_auth(cognito_groups: ["AdminGroup"])
listRootCauses(limit: Int, nextToken: String): RootCauseConnection @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup"])
getPrevDayIssuesStats: PrevDayIssuesStats @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup"])
}
type Mutation {
createSite(id: ID, type: String!, name: String!, description: String!): Site @aws_auth(cognito_groups: ["AdminGroup"])
deleteSite(id: ID!, type: String!): Site @aws_auth(cognito_groups: ["AdminGroup"])
createArea(id: ID, type: String!, areaSiteId: ID!, name: String!, description: String!): Area @aws_auth(cognito_groups: ["AdminGroup"])
deleteArea(id: ID!, type: String!): Area @aws_auth(cognito_groups: ["AdminGroup"])
createProcess(id: ID, type: String!, processAreaId: ID!, name: String!, description: String!): Process @aws_auth(cognito_groups: ["AdminGroup"])
deleteProcess(id: ID!, type: String!): Process @aws_auth(cognito_groups: ["AdminGroup"])
createEvent(
id: ID,
type: String!,
eventProcessId: ID,
parentId: ID,
name: String!,
description: String!,
priority: Priority!,
sms: String,
email: String,
rootCauses: [String],
eventImgKey: String,
eventType: String,
alias: String
): Event @aws_auth(cognito_groups: ["AdminGroup"])
updateEvent(id: ID!, sms: String, email: String, previousSms: String, previousEmail: String, rootCauses: [String], eventImgKey: String, alias: String): Event @aws_auth(cognito_groups: ["AdminGroup"])
deleteEvent(id: ID!, type: String!): Event @aws_auth(cognito_groups: ["AdminGroup"])
createStation(id: ID, type: String!, stationAreaId: ID!, name: String!, description: String!): Station @aws_auth(cognito_groups: ["AdminGroup"])
deleteStation(id: ID!, type: String!): Station @aws_auth(cognito_groups: ["AdminGroup"])
createDevice(id: ID, type: String!, deviceStationId: ID!, name: String!, description: String!, alias: String): Device @aws_auth(cognito_groups: ["AdminGroup"])
deleteDevice(id: ID!, type: String!): Device @aws_auth(cognito_groups: ["AdminGroup"])
createIssue(input: CreateIssueInput!): Issue @aws_iam @aws_cognito_user_pools
updateIssue(input: UpdateIssueInput!): Issue @aws_iam @aws_cognito_user_pools
putPermission(input: PermissionInput!): Permission @aws_auth(cognito_groups: ["AdminGroup"])
deletePermission(id: ID!, type: String!): Permission @aws_auth(cognito_groups: ["AdminGroup"])
createRootCause(id: ID, type: String!, name: String!): RootCause @aws_auth(cognito_groups: ["AdminGroup"])
deleteRootCause(id: ID!, type: String!): RootCause @aws_auth(cognito_groups: ["AdminGroup"])
}
type Subscription {
onCreateIssue: Issue @aws_subscribe(mutations: ["createIssue"]) @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
onUpdateIssue: Issue @aws_subscribe(mutations: ["updateIssue"]) @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
onPutPermission: Permission @aws_subscribe(mutations: ["putPermission"]) @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
onDeletePermission: Permission @aws_subscribe(mutations: ["deletePermission"]) @aws_auth(cognito_groups: ["AdminGroup", "ManagerGroup", "EngineerGroup", "AssociateGroup"])
onCreateRootCause: RootCause @aws_subscribe(mutations: ["createRootCause"]) @aws_auth(cognito_groups: ["AdminGroup"])
onDeleteRootCause: RootCause @aws_subscribe(mutations: ["deleteRootCause"]) @aws_auth(cognito_groups: ["AdminGroup"])
}
type Area {
id: ID!
type: String!
site: Site!
name: String!
process(
limit: Int,
nextToken: String
): ProcessConnection
station(
limit: Int,
nextToken: String
): StationConnection
description: String!
version: Int!
}
type AreaConnection {
items: [Area]
nextToken: String
}
type Device {
id: ID!
type: String!
name: String!
description: String!
station: Station!
version: Int!
alias: String
}
type DeviceConnection {
items: [Device]
nextToken: String
}
type Event {
id: ID!
type: String
name: String!
description: String!
priority: Priority!
sms: String
email: String
process: Process!
version: Int!
rootCauses: [String]
eventImgKey: String
eventType: String
alias: String
eventProcessId: ID!
parentId: ID!
}
type EventConnection {
items: [Event]
nextToken: String
}
type Issue @aws_iam @aws_cognito_user_pools {
id: ID!
eventId: String!
eventDescription: String!
type: String
priority: Priority!
siteName: String!
processName: String!
areaName: String!
stationName: String
deviceName: String
created: AWSDateTime!
createdAt: AWSDateTime
acknowledged: AWSDateTime
closed: AWSDateTime
resolutionTime: Int
acknowledgedTime: Int
status: Status!
version: Int!
rootCause: String
comment: String
issueSource: IssueSource!
createdBy: String!
closedBy: String
rejectedBy: String
acknowledgedBy: String
additionalDetails: String
}
type IssueConnection @aws_iam @aws_cognito_user_pools {
items: [Issue]
nextToken: String
}
type Permission {
id: ID!
type: String!
sites: [PermissionObject]
areas: [PermissionObject]
processes: [PermissionObject]
stations: [PermissionObject]
devices: [PermissionObject]
version: Int!
}
type PermissionConnection {
items: [Permission]
nextToken: String
}
type PermissionObject {
id: String!
name: String!
parentId: String
}
type Process {
id: ID!
type: String!
name: String!
description: String!
area: Area!
event(
limit: Int,
nextToken: String
): EventConnection
version: Int!
}
type ProcessConnection {
items: [Process]
nextToken: String
}
type RootCause {
id: ID!
type: String!
name: String!
}
type RootCauseConnection {
items: [RootCause]
nextToken: String
}
type Site {
id: ID!
type: String!
name: String!
area(
limit: Int,
nextToken: String
): AreaConnection
description: String
version: Int!
}
type SiteConnection {
items: [Site]
nextToken: String
}
type Station {
id: ID!
type: String!
name: String!
description: String
area: Area!
device(
limit: Int,
nextToken: String
): DeviceConnection
version: Int!
}
type StationConnection {
items: [Station]
nextToken: String
}
type PrevDayIssuesStats {
open: Int
acknowledged: Int
closed: Int
lastThreeHours: Int
}
# Inputs
input CreateIssueInput {
id: ID!
eventId: String!
eventDescription: String!
type: String
priority: Priority!
siteName: String!
processName: String!
areaName: String!
stationName: String!
deviceName: String!
created: AWSDateTime!
acknowledged: AWSDateTime
closed: AWSDateTime
resolutionTime: Int
acknowledgedTime: Int
status: Status!
issueSource: IssueSource!
createdBy: String!
additionalDetails: String
eventType: String
}
input UpdateIssueInput {
id: ID!
eventId: String!
eventDescription: String
type: String
priority: Priority
siteName: String
processName: String
areaName: String
stationName: String
deviceName: String
created: AWSDateTime
createdAt: AWSDateTime
acknowledged: AWSDateTime
closed: AWSDateTime
resolutionTime: Int
acknowledgedTime: Int
status: Status
expectedVersion: Int!
rootCause: String
comment: String
createdBy: String
closedBy: String
acknowledgedBy: String
rejectedBy: String
additionalDetails: String
eventType: String
}
input IssueByDeviceCompositeKeyConditionInput {
eq: IssueByDeviceCompositeKeyInput
le: IssueByDeviceCompositeKeyInput
lt: IssueByDeviceCompositeKeyInput
ge: IssueByDeviceCompositeKeyInput
gt: IssueByDeviceCompositeKeyInput
between: [IssueByDeviceCompositeKeyInput]
beginsWith: IssueByDeviceCompositeKeyInput
}
input IssueByDeviceCompositeKeyInput {
areaName: String
status: Status
processName: String
stationName: String
deviceName: String
created: String
}
input IssueBySiteAreaStatusCompositeKeyConditionInput {
eq: IssueBySiteAreaStatusCompositeKeyInput
le: IssueBySiteAreaStatusCompositeKeyInput
lt: IssueBySiteAreaStatusCompositeKeyInput
ge: IssueBySiteAreaStatusCompositeKeyInput
gt: IssueBySiteAreaStatusCompositeKeyInput
between: [IssueBySiteAreaStatusCompositeKeyInput]
beginsWith: IssueBySiteAreaStatusCompositeKeyInput
}
input IssueBySiteAreaStatusCompositeKeyInput {
areaName: String
status: Status
processName: String
eventDescription: String
stationName: String
deviceName: String
created: String
}
input IssueFilterInput {
created: StringInput
status: StringInput
}
input PermissionInput {
id: ID!
sites: [PermissionObjectInput]
areas: [PermissionObjectInput]
processes: [PermissionObjectInput]
stations: [PermissionObjectInput]
devices: [PermissionObjectInput]
version: Int!
}
input PermissionObjectInput {
id: String!
name: String!
parentId: String
}
input RootCauseInput {
id: String!
name: String!
}
input StringInput {
gt: String
eq: String
between: [String]
}
# Enums
enum Priority {
low
medium
high
critical
}
enum Status {
open
acknowledged
closed
inprogress
rejected
}
enum IssueSource {
webClient
s3File
device
}",
},
"Type": "AWS::AppSync::GraphQLSchema",
},
"BackEndAppSyncApiGraphqlApiSiteareaResolverF3386EE8": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "area",
"Kind": "UNIT",
"RequestMappingTemplate": "#set( $limit = $util.defaultIfNull($context.args.limit, 10) )
#set( $query = {
"expression": "#type = :type and #connectionAttribute = :connectionAttribute",
"expressionNames": {
"#type": "type",
"#connectionAttribute": "parentId"
},
"expressionValues": {
":type": { "S": "AREA" },
":connectionAttribute": {
"S": "$context.source.id"
}
}
} )
{
"version": "2017-02-28",
"operation": "Query",
"query": $util.toJson($query),
"scanIndexForward": #if( $context.args.sortDirection )
#if( $context.args.sortDirection == "ASC" )
true
#else
false
#end
#else
true
#end,
"filter": #if( $context.args.filter )
$util.transform.toDynamoDBFilterExpression($ctx.args.filter)
#else
null
#end,
"limit": $limit,
"nextToken": #if( $context.args.nextToken )
"$context.args.nextToken"
#else
null
#end,
"index": "ByTypeAndParent-index"
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Site",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiStationareaResolverD60A926C": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "area",
"Kind": "UNIT",
"RequestMappingTemplate": "{
"version": "2017-02-28",
"operation": "GetItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($util.defaultIfNullOrBlank($ctx.source.stationAreaId, "___xamznone____")),
"type": $util.dynamodb.toDynamoDBJson("AREA")
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Station",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiStationdeviceResolver2485771D": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"FieldName": "device",
"Kind": "UNIT",
"RequestMappingTemplate": "#set( $limit = $util.defaultIfNull($context.args.limit, 10) )
{
"version": "2017-02-28",
"operation": "Query",
"query": {
"expression": "#type = :type and #parent = :parent",
"expressionNames": {
"#type": "type",
"#parent": "parentId"
},
"expressionValues": {
":type": { "S": "DEVICE" },
":parent": { "S": "$context.source.id" }
}
},
"scanIndexForward": #if( $context.args.sortDirection )
#if( $context.args.sortDirection == "ASC" )
true
#else
false
#end
#else
true
#end,
"filter": #if( $context.args.filter )
$util.transform.toDynamoDBFilterExpression($ctx.args.filter)
#else
null
#end,
"limit": $limit,
"nextToken": #if( $context.args.nextToken )
"$context.args.nextToken"
#else
null
#end,
"index": "ByTypeAndParent-index"
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
"TypeName": "Station",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApiUpdateEventFunction0D934029": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiAVADataSource4AA6D608",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "AVADataSource",
"Description": "Update an event",
"FunctionVersion": "2018-05-29",
"Name": "UpdateEventFunction",
"RequestMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
#set ($update = {})
## Check validation
#if ($ctx.args.sms and $ctx.args.sms != "")
#if (!$util.matches("^((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4})(,\\s*((\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}))*$", $ctx.args.sms))
$util.error("SMS No. must be a comma-separated list of valid phone numbers.")
#end
#end
#if ($ctx.args.email and $ctx.args.email != "")
#if (!$util.matches("^([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+)(,\\s*([_a-z0-9-]+(\\.[_a-z0-9-]+)*(\\+[a-z0-9-]+)?@\\w+([\\.-]?\\w+)*(\\.\\w{2,3})+))*$", $ctx.args.email))
$util.error("E-Mail must be a comma-separated list of valid E-Mail addresses.")
#end
#end
## Set updatedAt
#set ($updatedAt = $util.defaultIfNull($ctx.args.updatedAt, $util.time.nowISO8601()))
#set ($expression = "SET")
#set ($expressionValues = {})
## Set expression and expressionValues
#if ($ctx.args.sms)
#set ($expression = "$expression sms = :sms,")
$util.qr($expressionValues.put(":sms", $util.dynamodb.toDynamoDB($ctx.args.sms)))
#end
#if ($ctx.args.email)
#set ($expression = "$expression email = :email,")
$util.qr($expressionValues.put(":email", $util.dynamodb.toDynamoDB($ctx.args.email)))
#end
#if ($ctx.args.rootCauses)
#set ($expression = "$expression rootCauses = :rootCauses,")
$util.qr($expressionValues.put(":rootCauses", $util.dynamodb.toDynamoDB($ctx.args.rootCauses)))
#end
#if ($ctx.args.eventImgKey)
#set ($expression = "$expression eventImgKey = :eventImgKey,")
$util.qr($expressionValues.put(":eventImgKey", $util.dynamodb.toDynamoDB($ctx.args.eventImgKey)))
#end
#if ($ctx.args.alias)
#set ($expression = "$expression alias = :alias,")
$util.qr($expressionValues.put(":alias", $util.dynamodb.toDynamoDB($ctx.args.alias)))
#end
$util.qr($expressionValues.put(":version", $util.dynamodb.toDynamoDB($util.defaultIfNull($ctx.args.version, 1))))
$util.qr($expressionValues.put(":updatedAt", $util.dynamodb.toDynamoDB($updatedAt)))
{
"version": "2017-02-28",
"operation": "UpdateItem",
"key": {
"id": $util.dynamodb.toDynamoDBJson($ctx.args.id),
"type": $util.dynamodb.toDynamoDBJson("EVENT")
},
"update": {
"expression": "$expression version = :version, updatedAt = :updatedAt",
"expressionValues": $util.toJson($expressionValues)
}
}",
"ResponseMappingTemplate": "## Raise a GraphQL field error in case of a datasource invocation error
#if ($ctx.error)
$util.error($ctx.error.message, $ctx.error.type)
#end
## Pass back the result from DynamoDB. **
## If permission exists, remove unauthorized ones.
#if ($ctx.stash.permissionCheck && !$ctx.prev.result.isEmpty())
#set ($currentResult = $ctx.result.items)
#set ($permissions = $ctx.prev.result)
#set ($result = {})
#set ($items = [])
#set ($allowedValues = [])
## Check if this is for issue or others.
#if ($ctx.stash.type == "issue")
## Check site name
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.sites)
#if ($allowedValue.name == $value.siteName)
$util.qr($items.add($value))
#end
#end
#end
## Check area name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.areas)
#if ($allowedValue.name == $value.areaName)
$util.qr($items.add($value))
#end
#end
#end
## Check process name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.processes)
#if ($allowedValue.name == $value.processName)
$util.qr($items.add($value))
#end
#end
#end
## Check station name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.stations)
#if ($allowedValue.name == $value.stationName)
$util.qr($items.add($value))
#end
#end
#end
## Check device name
#set ($currentResult = $items)
#set ($items = [])
#foreach ($value in $currentResult)
#foreach ($allowedValue in $permissions.devices)
#if ($allowedValue.name == $value.deviceName)
$util.qr($items.add($value))
#end
#end
#end
#else
#if ($ctx.stash.type == "site")
#set ($allowedValues = $permissions.sites)
#elseif ($ctx.stash.type == "area")
#set ($allowedValues = $permissions.areas)
#elseif ($ctx.stash.type == "process")
#set ($allowedValues = $permissions.processes)
#elseif ($ctx.stash.type == "station")
#set ($allowedValues = $permissions.stations)
#elseif ($ctx.stash.type == "device")
#set ($allowedValues = $permissions.devices)
#elseif ($ctx.stash.type == "event")
#set ($allowedValues = $permissions.processes)
#end
## For event, it checks permission with process ID because there's no such permission for event.
#foreach ($value in $currentResult)
#foreach ($allowedValue in $allowedValues)
#if ($ctx.stash.type == "event")
#if ($allowedValue.id == $value.eventProcessId)
$util.qr($items.add($value))
#end
#else
#if ($allowedValue.id == $value.id)
$util.qr($items.add($value))
#end
#end
#end
#end
#end
## Check if nextToken is available.
#if ($ctx.result.nextToken)
$util.qr($result.put("nextToken", $ctx.result.nextToken))
#end
$util.qr($result.put("items", $items))
$util.toJson($result)
#else
$util.toJson($ctx.result)
#end",
},
"Type": "AWS::AppSync::FunctionConfiguration",
},
"BackEndAppSyncApiGraphqlApionCreateIssueGraphQLApiF828D99E": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiNoneDataSource58DD79A0",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "NoneDataSource",
"FieldName": "onCreateIssue",
"Kind": "UNIT",
"RequestMappingTemplate": "
{
"version": "2018-05-29",
"payload": {}
}",
"ResponseMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
$util.toJson(null)",
"TypeName": "Subscription",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApionCreateRootCauseGraphQLApi6F7CCB87": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiNoneDataSource58DD79A0",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "NoneDataSource",
"FieldName": "onCreateRootCause",
"Kind": "UNIT",
"RequestMappingTemplate": "
{
"version": "2018-05-29",
"payload": {}
}",
"ResponseMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
$util.toJson(null)",
"TypeName": "Subscription",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApionDeletePermissionGraphQLApiD52D235B": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiNoneDataSource58DD79A0",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "NoneDataSource",
"FieldName": "onDeletePermission",
"Kind": "UNIT",
"RequestMappingTemplate": "
{
"version": "2018-05-29",
"payload": {}
}",
"ResponseMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
$util.toJson(null)",
"TypeName": "Subscription",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApionDeleteRootCauseGraphQLApiE1D0D714": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiNoneDataSource58DD79A0",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "NoneDataSource",
"FieldName": "onDeleteRootCause",
"Kind": "UNIT",
"RequestMappingTemplate": "
{
"version": "2018-05-29",
"payload": {}
}",
"ResponseMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
$util.toJson(null)",
"TypeName": "Subscription",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApionPutPermissionGraphQLApi2FF59744": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiNoneDataSource58DD79A0",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "NoneDataSource",
"FieldName": "onPutPermission",
"Kind": "UNIT",
"RequestMappingTemplate": "
{
"version": "2018-05-29",
"payload": {}
}",
"ResponseMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
$util.toJson(null)",
"TypeName": "Subscription",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiGraphqlApionUpdateIssueGraphQLApi796EAD1B": {
"DependsOn": [
"BackEndAppSyncApiGraphqlApiNoneDataSource58DD79A0",
"BackEndAppSyncApiGraphqlApiSchema569E0B17",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs these wildcards on actions to function properly",
},
],
},
},
"Properties": {
"ApiId": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"ApiId",
],
},
"DataSourceName": "NoneDataSource",
"FieldName": "onUpdateIssue",
"Kind": "UNIT",
"RequestMappingTemplate": "
{
"version": "2018-05-29",
"payload": {}
}",
"ResponseMappingTemplate": "## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
#if ($allowedGroups.contains($userGroup))
#set ($isAllowed = true)
#break
#end
#end
## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
$util.unauthorized()
#end
$util.toJson(null)",
"TypeName": "Subscription",
},
"Type": "AWS::AppSync::Resolver",
},
"BackEndAppSyncApiLogRoleD851D1DD": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndAppSyncApiLogRoleDefaultPolicyBBD6EC4E": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndAppSyncApiLogRoleDefaultPolicyBBD6EC4E",
"Roles": [
{
"Ref": "BackEndAppSyncApiLogRoleD851D1DD",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndDataAnalysisAvaEtlCleanupJobE10402AE": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"Command": {
"Name": "glueetl",
"PythonVersion": "3",
"ScriptLocation": {
"Fn::Join": [
"",
[
"s3://",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
"/",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/glue-job-scripts/etl-cleanup.py",
],
],
},
},
"DefaultArguments": {
"--enable-metrics": "",
"--glue_output_bucket": {
"Ref": "AvaGlueOutputBucket",
},
"--glue_output_s3_key_prefix": "glue/ddb-output",
"--job-bookmark-option": "job-bookmark-enable",
"--job-language": "python",
"--region": {
"Ref": "AWS::Region",
},
"--solution_id": "SOxyz",
"--solution_version": "v3.0.1",
},
"ExecutionProperty": {
"MaxConcurrentRuns": 1,
},
"GlueVersion": "2.0",
"Name": "amazon-virtual-andon-etl-cleanup",
"NumberOfWorkers": 2,
"Role": {
"Fn::GetAtt": [
"BackEndDataAnalysisAvaEtlCleanupJobRoleB2319443",
"Arn",
],
},
"Tags": {
"SolutionId": "SOxyz",
},
"Timeout": 60,
"WorkerType": "Standard",
},
"Type": "AWS::Glue::Job",
},
"BackEndDataAnalysisAvaEtlCleanupJobRoleB2319443": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM4",
"reason": "Legacy code requires managed policy, to be addressed in future",
},
{
"id": "AwsSolutions-IAM5",
"reason": "Legacy code requires delete object on glue bucket but uses prefix",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "glue.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iam::aws:policy/service-role/AWSGlueServiceRole",
],
],
},
],
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":s3:::",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
"/",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/glue-job-scripts/etl-cleanup.py",
],
],
},
},
{
"Action": "s3:DeleteObject",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AvaGlueOutputBucket",
"Arn",
],
},
"/glue/ddb-output*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "S3Policy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndDataAnalysisAvaEtlDataExportJob4C698717": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"Command": {
"Name": "glueetl",
"PythonVersion": "3",
"ScriptLocation": {
"Fn::Join": [
"",
[
"s3://",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
"/",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/glue-job-scripts/etl-data-export.py",
],
],
},
},
"DefaultArguments": {
"--ddb_data_hierarchy_table_name": {
"Ref": "AVADataHierarchyTable",
},
"--ddb_issues_table_name": {
"Ref": "AVAIssuesTable",
},
"--enable-metrics": "",
"--glue_data_hierarchy_table_name": {
"Ref": "AvaGlueDataHierarchyTable",
},
"--glue_db_name": {
"Ref": "AvaGlueDatabase",
},
"--glue_issues_table_name": {
"Ref": "AvaGlueIssuesTable",
},
"--glue_output_bucket": {
"Ref": "AvaGlueOutputBucket",
},
"--job-bookmark-option": "job-bookmark-enable",
"--job-language": "python",
"--region": {
"Ref": "AWS::Region",
},
"--solution_id": "SOxyz",
"--solution_version": "v3.0.1",
},
"ExecutionProperty": {
"MaxConcurrentRuns": 2,
},
"GlueVersion": "2.0",
"Name": "amazon-virtual-andon-etl-data-export",
"NumberOfWorkers": 2,
"Role": {
"Fn::GetAtt": [
"BackEndDataAnalysisAvaEtlDataExportJobRole80319EC7",
"Arn",
],
},
"Tags": {
"SolutionId": "SOxyz",
},
"Timeout": 60,
"WorkerType": "Standard",
},
"Type": "AWS::Glue::Job",
},
"BackEndDataAnalysisAvaEtlDataExportJobRole80319EC7": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM4",
"reason": "Legacy code requires managed policy, to be addressed in future",
},
{
"id": "AwsSolutions-IAM5",
"reason": "Legacy code requires listing all buckets in account",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W11",
"reason": "* is required for the s3:ListAllMyBuckets permission",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "glue.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iam::aws:policy/service-role/AWSGlueServiceRole",
],
],
},
],
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"dynamodb:Scan",
"dynamodb:DescribeTable",
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"AVAIssuesTable",
"Arn",
],
},
{
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "DDBPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":s3:::",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
"/",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/glue-job-scripts/etl-data-export.py",
],
],
},
},
{
"Action": [
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObject",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AvaGlueOutputBucket",
"Arn",
],
},
"/*",
],
],
},
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:CreateBucket",
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"AvaGlueOutputBucket",
"Arn",
],
},
},
{
"Action": "s3:ListAllMyBuckets",
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "S3Policy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndDataAnalysisAvaEtlWorkflowA035F2B6": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"Description": {
"Fn::Join": [
"",
[
"Workflow for ",
{
"Ref": "AWS::StackName",
},
" CloudFormation stack",
],
],
},
"Tags": {
"SolutionId": "SOxyz",
},
},
"Type": "AWS::Glue::Workflow",
},
"BackEndDataAnalysisAvaGlueOutputBucketPolicy99671AB0": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S10",
"reason": "Legacy code indicates that this is required to make the glue output process to work",
},
],
},
},
"Properties": {
"Bucket": {
"Ref": "AvaGlueOutputBucket",
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:PutObject",
"Condition": {
"ArnLike": {
"aws:SourceArn": {
"Fn::GetAtt": [
"AvaGlueOutputBucket",
"Arn",
],
},
},
"StringEquals": {
"aws:SourceAccount": {
"Ref": "AWS::AccountId",
},
},
},
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com",
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AvaGlueOutputBucket",
"Arn",
],
},
"/server-access-logs/*",
],
],
},
},
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "False",
},
},
"Effect": "Deny",
"Principal": {
"AWS": "*",
},
"Resource": [
{
"Fn::GetAtt": [
"AvaGlueOutputBucket",
"Arn",
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AvaGlueOutputBucket",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"BackEndDataAnalysisCrawler4716D7B2": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"DatabaseName": {
"Ref": "AvaGlueDatabase",
},
"Name": "amazon-virtual-andon-crawler",
"Role": {
"Fn::GetAtt": [
"BackEndDataAnalysisCrawlerRole22ED7E20",
"Arn",
],
},
"Tags": {
"SolutionId": "SOxyz",
},
"Targets": {
"DynamoDBTargets": [
{
"Path": {
"Ref": "AVAIssuesTable",
},
},
{
"Path": {
"Ref": "AVADataHierarchyTable",
},
},
],
},
},
"Type": "AWS::Glue::Crawler",
},
"BackEndDataAnalysisCrawlerRole22ED7E20": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM4",
"reason": "Legacy code requires managed policy, to be addressed in future",
},
{
"id": "AwsSolutions-IAM5",
"reason": "Legacy code requires wildcards on end of dynamo table ARNs, may not be necessary",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "glue.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iam::aws:policy/service-role/AWSGlueServiceRole",
],
],
},
],
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"dynamodb:Scan",
"dynamodb:DescribeTable",
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVAIssuesTable",
"Arn",
],
},
"*",
],
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
"*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "DDBPolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndDataAnalysisEtlCleanupJobTrigger627B78C1": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"Actions": [
{
"JobName": {
"Ref": "BackEndDataAnalysisAvaEtlCleanupJobE10402AE",
},
},
],
"Description": "Starts the first job (cleanup job) in the ETL workflow. This job will clean any data from S3 that resulted from a prior ETL workflow",
"Name": {
"Fn::Join": [
"",
[
{
"Ref": "AWS::StackName",
},
"-EtlCleanupJobTrigger",
],
],
},
"Schedule": "cron(00 00 ? * MON *)",
"StartOnCreation": true,
"Tags": {
"SolutionId": "SOxyz",
},
"Type": "SCHEDULED",
"WorkflowName": {
"Ref": "BackEndDataAnalysisAvaEtlWorkflowA035F2B6",
},
},
"Type": "AWS::Glue::Trigger",
},
"BackEndDataAnalysisEtlCrawlerTriggerD4CF1A98": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"Actions": [
{
"CrawlerName": {
"Ref": "BackEndDataAnalysisCrawler4716D7B2",
},
},
],
"Description": "Crawls the DynamoDB table to update the Glue Data Catalog",
"Name": {
"Fn::Join": [
"",
[
{
"Ref": "AWS::StackName",
},
"-EtlCrawlerTrigger",
],
],
},
"Predicate": {
"Conditions": [
{
"JobName": {
"Ref": "BackEndDataAnalysisAvaEtlCleanupJobE10402AE",
},
"LogicalOperator": "EQUALS",
"State": "SUCCEEDED",
},
],
},
"StartOnCreation": true,
"Tags": {
"SolutionId": "SOxyz",
},
"Type": "CONDITIONAL",
"WorkflowName": {
"Ref": "BackEndDataAnalysisAvaEtlWorkflowA035F2B6",
},
},
"Type": "AWS::Glue::Trigger",
},
"BackEndDataAnalysisEtlDataHierarchyDataExportJobTriggerDD074455": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"Actions": [
{
"Arguments": {
"--job_type": "hierarchy",
},
"JobName": {
"Ref": "BackEndDataAnalysisAvaEtlDataExportJob4C698717",
},
},
],
"Description": "Runs ETL for the Data Hierarchy table to S3",
"Name": {
"Fn::Join": [
"",
[
{
"Ref": "AWS::StackName",
},
"-EtlDataHierarchyDataExportJobTrigger",
],
],
},
"Predicate": {
"Conditions": [
{
"CrawlState": "SUCCEEDED",
"CrawlerName": {
"Ref": "BackEndDataAnalysisCrawler4716D7B2",
},
"LogicalOperator": "EQUALS",
},
],
},
"StartOnCreation": true,
"Tags": {
"SolutionId": "SOxyz",
},
"Type": "CONDITIONAL",
"WorkflowName": {
"Ref": "BackEndDataAnalysisAvaEtlWorkflowA035F2B6",
},
},
"Type": "AWS::Glue::Trigger",
},
"BackEndDataAnalysisEtlIssuesDataExportJobTriggerE26F764D": {
"Condition": "BackEndDataAnalysisGlueWorkflowConditionA63A5CE7",
"Properties": {
"Actions": [
{
"Arguments": {
"--job_type": "issues",
},
"JobName": {
"Ref": "BackEndDataAnalysisAvaEtlDataExportJob4C698717",
},
},
],
"Description": "Runs ETL for the Issues table to S3",
"Name": {
"Fn::Join": [
"",
[
{
"Ref": "AWS::StackName",
},
"-EtlIssuesDataExportJobTrigger",
],
],
},
"Predicate": {
"Conditions": [
{
"CrawlState": "SUCCEEDED",
"CrawlerName": {
"Ref": "BackEndDataAnalysisCrawler4716D7B2",
},
"LogicalOperator": "EQUALS",
},
],
},
"StartOnCreation": true,
"Tags": {
"SolutionId": "SOxyz",
},
"Type": "CONDITIONAL",
"WorkflowName": {
"Ref": "BackEndDataAnalysisAvaEtlWorkflowA035F2B6",
},
},
"Type": "AWS::Glue::Trigger",
},
"BackEndExternalIntegrationsAnomalyDetectionBucketPolicy1101C4EE": {
"Condition": "BackEndExternalIntegrationsAnomalyDetectionBucketCondition1F7AF011",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Legacy code requires access to objects in bucket but uses prefix",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":s3:::",
{
"Ref": "AnomalyDetectionBucketParameter",
},
"/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndExternalIntegrationsAnomalyDetectionBucketPolicy1101C4EE",
"Roles": [
{
"Ref": "BackEndExternalIntegrationsExternalIntegrationsLambdaRoleCB031580",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndExternalIntegrationsConfigureBucketNotificationCustomResourceF938E975": {
"Condition": "BackEndExternalIntegrationsAnomalyDetectionBucketCondition1F7AF011",
"DeletionPolicy": "Delete",
"DependsOn": [
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunction80082192",
"BackEndExternalIntegrationsSolutionHelperPutBucketNotificationPolicy81A866BA",
],
"Properties": {
"Action": "CONFIGURE_BUCKET_NOTIFICATION",
"BucketName": {
"Ref": "AnomalyDetectionBucketParameter",
},
"FunctionArn": {
"Fn::GetAtt": [
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunction80082192",
"Arn",
],
},
"ServiceToken": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperSolutionHelperFunctionAFC2CF30",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaIotTopic37C76E94": {
"Properties": {
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"TopicRulePayload": {
"Actions": [
{
"Lambda": {
"FunctionArn": {
"Fn::GetAtt": [
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunction80082192",
"Arn",
],
},
},
},
],
"Description": "Messages from devices are sent to this topic for processing",
"RuleDisabled": false,
"Sql": "SELECT * FROM 'ava/devices'",
},
},
"Type": "AWS::IoT::TopicRule",
},
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunction80082192": {
"DependsOn": [
"BackEndExternalIntegrationsExternalIntegrationsLambdaRoleDefaultPolicyC66F19E8",
"BackEndExternalIntegrationsExternalIntegrationsLambdaRoleCB031580",
],
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W58",
"reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
},
{
"id": "W89",
"reason": "This is not a rule for the general case, just for specific use cases/industries",
},
{
"id": "W92",
"reason": "Impossible for us to define the correct concurrency for clients",
},
{
"id": "W89",
"reason": "VPC for Lambda is not needed. This serverless architecture does not deploy a VPC.",
},
{
"id": "W92",
"reason": "ReservedConcurrentExecutions is not needed for this Lambda function.",
},
],
},
},
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/external-integrations-handler.zip",
],
],
},
},
"Description": "AVA Test (v3.0.1): Handles issues created by external integrations",
"Environment": {
"Variables": {
"DATA_HIERARCHY_TABLE": {
"Ref": "AVADataHierarchyTable",
},
"IOT_ENDPOINT_ADDRESS": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstants3C90DC87",
"IotEndpointAddress",
],
},
"IOT_MESSAGE_NAME_DELIMITER": "/",
"ISSUES_TABLE": {
"Ref": "AVAIssuesTable",
},
"ISSUES_TOPIC": "ava/issues",
"LOGGING_LEVEL": {
"Ref": "LoggingLevel",
},
"SOLUTION_ID": "SOxyz",
"SOLUTION_VERSION": "v3.0.1",
},
},
"Handler": "external-integrations-handler/index.handler",
"Role": {
"Fn::GetAtt": [
"BackEndExternalIntegrationsExternalIntegrationsLambdaRoleCB031580",
"Arn",
],
},
"Runtime": "nodejs18.x",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"Timeout": 60,
"TracingConfig": {
"Mode": "Active",
},
},
"Type": "AWS::Lambda::Function",
},
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunctionAwsIotLambdaInvokePermission17B739EFB": {
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {
"Fn::GetAtt": [
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunction80082192",
"Arn",
],
},
"Principal": "iot.amazonaws.com",
"SourceArn": {
"Fn::GetAtt": [
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaIotTopic37C76E94",
"Arn",
],
},
},
"Type": "AWS::Lambda::Permission",
},
"BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunctionServiceRole5431E395": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "LambdaFunctionServiceRolePolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndExternalIntegrationsExternalIntegrationsLambdaPermission079BFB8A": {
"Condition": "BackEndExternalIntegrationsAnomalyDetectionBucketCondition1F7AF011",
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {
"Ref": "BackEndExternalIntegrationsExternalIntegrationsIotToLambdaLambdaFunction80082192",
},
"Principal": "s3.amazonaws.com",
"SourceAccount": {
"Ref": "AWS::AccountId",
},
"SourceArn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":s3:::",
{
"Ref": "AnomalyDetectionBucketParameter",
},
],
],
},
},
"Type": "AWS::Lambda::Permission",
},
"BackEndExternalIntegrationsExternalIntegrationsLambdaRoleCB031580": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": "dynamodb:GetItem",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
},
{
"Action": "dynamodb:Query",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
"/index/ByTypeAndParent-index",
],
],
},
},
{
"Action": "dynamodb:Query",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVAIssuesTable",
"Arn",
],
},
"/index/ByDeviceEvent-index",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "DynamoDbPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchLogsPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": "iot:Publish",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topic/ava/issues",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "IotPolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndExternalIntegrationsExternalIntegrationsLambdaRoleDefaultPolicyC66F19E8": {
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W12",
"reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
],
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndExternalIntegrationsExternalIntegrationsLambdaRoleDefaultPolicyC66F19E8",
"Roles": [
{
"Ref": "BackEndExternalIntegrationsExternalIntegrationsLambdaRoleCB031580",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndExternalIntegrationsSolutionHelperPutBucketNotificationPolicy81A866BA": {
"Condition": "BackEndExternalIntegrationsAnomalyDetectionBucketCondition1F7AF011",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:GetBucketNotification",
"s3:PutBucketNotification",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":s3:::",
{
"Ref": "AnomalyDetectionBucketParameter",
},
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndExternalIntegrationsSolutionHelperPutBucketNotificationPolicy81A866BA",
"Roles": [
{
"Ref": "CommonResourcesSolutionHelperSolutionHelperFunctionRole5DBA041C",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndHandleIssuesFunctionRoleCE098BAE": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": "appsync:GraphQL",
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"Arn",
],
},
"/types/Mutation/fields/createIssue",
],
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"Arn",
],
},
"/types/Mutation/fields/updateIssue",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "GraphQLPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": "sns:Publish",
"Effect": "Allow",
"Resource": {
"Ref": "IssueNotificationTopic",
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "SnsPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": "dynamodb:GetItem",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"AVADataHierarchyTable",
"Arn",
],
},
},
{
"Action": "dynamodb:Query",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AVAIssuesTable",
"Arn",
],
},
"/index/ByDeviceEvent-index",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "DynamoDbPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchLogsPolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"BackEndHandleIssuesFunctionRoleDefaultPolicy8BD85679": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W12",
"reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
],
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "BackEndHandleIssuesFunctionRoleDefaultPolicy8BD85679",
"Roles": [
{
"Ref": "BackEndHandleIssuesFunctionRoleCE098BAE",
},
],
},
"Type": "AWS::IAM::Policy",
},
"BackEndIoTResourcePolicyE7BCF8FC": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"iot:Publish",
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topic/ava/issues",
],
],
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topic/ava/groups/*",
],
],
},
],
},
{
"Action": [
"iot:Subscribe",
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topicfilter/ava/groups/*",
],
],
},
],
},
{
"Action": [
"iot:Receive",
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topic/ava/groups/*",
],
],
},
],
},
{
"Action": [
"iot:Connect",
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":client/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::IoT::Policy",
},
"BackEndIotToLambdaIotTopic4E8A95F3": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"TopicRulePayload": {
"Actions": [
{
"Lambda": {
"FunctionArn": {
"Fn::GetAtt": [
"BackEndIotToLambdaLambdaFunctionA1095127",
"Arn",
],
},
},
},
],
"Description": "Issues from the AVA Client are submitted to this topic and sent to lambda for processing",
"RuleDisabled": false,
"Sql": "SELECT * FROM 'ava/issues'",
},
},
"Type": "AWS::IoT::TopicRule",
},
"BackEndIotToLambdaLambdaFunctionA1095127": {
"DependsOn": [
"BackEndHandleIssuesFunctionRoleDefaultPolicy8BD85679",
"BackEndHandleIssuesFunctionRoleCE098BAE",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W58",
"reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
},
{
"id": "W89",
"reason": "This is not a rule for the general case, just for specific use cases/industries",
},
{
"id": "W92",
"reason": "Impossible for us to define the correct concurrency for clients",
},
{
"id": "W89",
"reason": "VPC for Lambda is not needed. This serverless architecture does not deploy a VPC.",
},
{
"id": "W92",
"reason": "ReservedConcurrentExecutions is not needed for this Lambda function.",
},
],
},
},
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/ava-issue-handler.zip",
],
],
},
},
"Description": "AVA Test (v3.0.1): Handles issues posted to the 'ava/issues' IoT Topic",
"Environment": {
"Variables": {
"ACCOUNT_ID": {
"Ref": "AWS::AccountId",
},
"API_ENDPOINT": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"GraphQLUrl",
],
},
"DATA_HIERARCHY_TABLE": {
"Ref": "AVADataHierarchyTable",
},
"ISSUES_TABLE": {
"Ref": "AVAIssuesTable",
},
"ISSUE_NOTIFICATION_TOPIC_ARN": {
"Ref": "IssueNotificationTopic",
},
"LOGGING_LEVEL": {
"Ref": "LoggingLevel",
},
"SOLUTION_ID": "SOxyz",
"SOLUTION_VERSION": "v3.0.1",
},
},
"Handler": "ava-issue-handler/index.handler",
"Role": {
"Fn::GetAtt": [
"BackEndHandleIssuesFunctionRoleCE098BAE",
"Arn",
],
},
"Runtime": "nodejs18.x",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"Timeout": 60,
"TracingConfig": {
"Mode": "Active",
},
},
"Type": "AWS::Lambda::Function",
},
"BackEndIotToLambdaLambdaFunctionAwsIotLambdaInvokePermission13290C2B8": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {
"Fn::GetAtt": [
"BackEndIotToLambdaLambdaFunctionA1095127",
"Arn",
],
},
"Principal": "iot.amazonaws.com",
"SourceArn": {
"Fn::GetAtt": [
"BackEndIotToLambdaIotTopic4E8A95F3",
"Arn",
],
},
},
"Type": "AWS::Lambda::Permission",
},
"BackEndIotToLambdaLambdaFunctionServiceRole566D010B": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "LambdaFunctionServiceRolePolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"CommonResourcesSolutionHelperCopyWebsiteD6F96EA9": {
"DeletionPolicy": "Delete",
"Properties": {
"Action": "COPY_WEBSITE",
"DestinationBucket": {
"Ref": "FrontEndDistributionToS3S3Bucket3A171D78",
},
"ServiceToken": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperSolutionHelperFunctionAFC2CF30",
"Arn",
],
},
"SourceBucket": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
"SourceKey": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/console",
],
],
},
"SourceManifest": "site-manifest.json",
"WebsiteDistributionDomain": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0",
"DomainName",
],
},
],
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CommonResourcesSolutionHelperCustomResourceLambdaIoTPolicy0595AC50": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "IoT policy has to be able to detach any principal policy to work",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W12",
"reason": "To connect IoT and attach IoT policy to Cognito identity cannot specify the specific resources.",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "iot:DetachPrincipalPolicy",
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "CustomResourceLambdaIoTPolicy",
"Roles": [
{
"Ref": "CommonResourcesSolutionHelperSolutionHelperFunctionRole5DBA041C",
},
],
},
"Type": "AWS::IAM::Policy",
},
"CommonResourcesSolutionHelperGenerateSolutionConstants3C90DC87": {
"DeletionPolicy": "Delete",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"applies_to": [
"Action::s3:GetObject*",
],
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"Action": "GENERATE_SOLUTION_CONSTANTS",
"ServiceToken": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstantsFunction7191D09F",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CommonResourcesSolutionHelperGenerateSolutionConstantsFunction7191D09F": {
"DependsOn": [
"CommonResourcesSolutionHelperGenerateSolutionConstantsFunctionRoleED3C0929",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"applies_to": [
"Action::s3:GetObject*",
],
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W89",
"reason": "VPC for Lambda is not needed. This serverless architecture does not deploy a VPC.",
},
{
"id": "W92",
"reason": "ReservedConcurrentExecutions is not needed for this Lambda function.",
},
],
},
},
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/solution-helper.zip",
],
],
},
},
"Description": "AVA Test (v3.0.1): Generate Solution Constants",
"Environment": {
"Variables": {
"LOGGING_LEVEL": {
"Ref": "LoggingLevel",
},
},
},
"Handler": "solution-helper/index.handler",
"Role": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstantsFunctionRoleED3C0929",
"Arn",
],
},
"Runtime": "nodejs18.x",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"Timeout": 60,
},
"Type": "AWS::Lambda::Function",
},
"CommonResourcesSolutionHelperGenerateSolutionConstantsFunctionRoleED3C0929": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Needs to be able to describe any IoT endpoint and Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
{
"applies_to": [
"Action::s3:GetObject*",
],
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W11",
"reason": "* is required for the iot:DescribeEndpoint permission",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchLogsPolicy",
},
{
"PolicyDocument": {
"Statement": [
{
"Action": "iot:DescribeEndpoint",
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "IoTPolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"CommonResourcesSolutionHelperPutWebsiteConfig282170FD": {
"DeletionPolicy": "Delete",
"Properties": {
"Action": "PUT_WEBSITE_CONFIG",
"AndonWebsiteConfig": {
"aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
"aws_appsync_graphqlEndpoint": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"GraphQLUrl",
],
},
"aws_appsync_region": {
"Ref": "AWS::Region",
},
"aws_cognito_identity_pool_id": {
"Ref": "FrontEndCognitoIdentityPool0FC7D25D",
},
"aws_cognito_region": {
"Ref": "AWS::Region",
},
"aws_iot_endpoint": {
"Fn::Join": [
"",
[
"wss://",
{
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstants3C90DC87",
"IotEndpointAddress",
],
},
],
],
},
"aws_iot_policy_name": {
"Ref": "BackEndIoTResourcePolicyE7BCF8FC",
},
"aws_project_region": {
"Ref": "AWS::Region",
},
"aws_user_pools_id": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
"aws_user_pools_web_client_id": {
"Ref": "FrontEndCognitoUserPoolClientD6B239B2",
},
"default_language": {
"Ref": "DefaultLanguage",
},
"solutions_metrics_endpoint": "https://metrics.awssolutionsbuilder.com/page",
"solutions_send_metrics": {
"Fn::FindInMap": [
"Solution",
"Config",
"AnonymousUsage",
],
},
"solutions_solutionId": "SOxyz",
"solutions_solutionUuId": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstants3C90DC87",
"AnonymousDataUUID",
],
},
"solutions_version": "v3.0.1",
"website_bucket": {
"Ref": "FrontEndDistributionToS3S3Bucket3A171D78",
},
},
"AndonWebsiteConfigFileBaseName": "andon_config",
"S3Bucket": {
"Ref": "FrontEndDistributionToS3S3Bucket3A171D78",
},
"ServiceToken": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperSolutionHelperFunctionAFC2CF30",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CommonResourcesSolutionHelperSolutionHelperFunctionAFC2CF30": {
"DependsOn": [
"CommonResourcesSolutionHelperSolutionHelperFunctionRoleDefaultPolicyFD9C8CEC",
"CommonResourcesSolutionHelperSolutionHelperFunctionRole5DBA041C",
],
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"applies_to": [
"Action::s3:GetObject*",
],
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W89",
"reason": "VPC for Lambda is not needed. This serverless architecture does not deploy a VPC.",
},
{
"id": "W92",
"reason": "ReservedConcurrentExecutions is not needed for this Lambda function.",
},
],
},
},
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/solution-helper.zip",
],
],
},
},
"Description": "AVA Test (v3.0.1): Solution Helper",
"Environment": {
"Variables": {
"ANONYMOUS_DATA_UUID": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstants3C90DC87",
"AnonymousDataUUID",
],
},
"LOGGING_LEVEL": {
"Ref": "LoggingLevel",
},
"RETRY_SECONDS": "5",
"SEND_ANONYMOUS_DATA": {
"Fn::FindInMap": [
"Solution",
"Config",
"AnonymousUsage",
],
},
"SOLUTION_ID": "SOxyz",
"SOLUTION_VERSION": "v3.0.1",
},
},
"Handler": "solution-helper/index.handler",
"Role": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperSolutionHelperFunctionRole5DBA041C",
"Arn",
],
},
"Runtime": "nodejs18.x",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"Timeout": 60,
},
"Type": "AWS::Lambda::Function",
},
"CommonResourcesSolutionHelperSolutionHelperFunctionRole5DBA041C": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
{
"applies_to": [
"Action::s3:GetObject*",
],
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
{
"id": "AwsSolutions-IAM5",
"reason": "Solution helper construct needs wildcard permissions for creating log groups and on s3 helper functions to access s3 assets (just on actions)",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchLogsPolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"CommonResourcesSolutionHelperSolutionHelperFunctionRoleDefaultPolicyFD9C8CEC": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Solution helper construct needs wildcard permissions for creating log groups and on s3 helper functions to access s3 assets (just on actions)",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":s3:::",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":s3:::",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
"/",
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/*",
],
],
},
],
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:Abort*",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
"/*",
],
],
},
},
{
"Action": "s3:PutBucketCors",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
},
{
"Action": "iot:ListTargetsForPolicy",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":policy/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CommonResourcesSolutionHelperSolutionHelperFunctionRoleDefaultPolicyFD9C8CEC",
"Roles": [
{
"Ref": "CommonResourcesSolutionHelperSolutionHelperFunctionRole5DBA041C",
},
],
},
"Type": "AWS::IAM::Policy",
},
"CommonResourcesSolutionHelperSolutionLifecycleFF1B537C": {
"DeletionPolicy": "Delete",
"Properties": {
"Action": "SOLUTION_LIFECYCLE",
"IotPolicyName": {
"Ref": "BackEndIoTResourcePolicyE7BCF8FC",
},
"ServiceToken": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperSolutionHelperFunctionAFC2CF30",
"Arn",
],
},
"SolutionParameters": {
"AnomalyDetectionBucketParameterSet": {
"Fn::If": [
"anomalyDetectionBucketParameterSetCondition",
"No",
"Yes",
],
},
"CognitoDomainPrefixParameterSet": {
"Fn::If": [
"cognitoDomainPrefixParameterSetCondition",
"No",
"Yes",
],
},
"CognitoSAMLProviderMetadataUrlParameterSet": {
"Fn::If": [
"cognitoSAMLProviderMetadataUrlParameterSetCondition",
"No",
"Yes",
],
},
"CognitoSAMLProviderNameParameterSet": {
"Fn::If": [
"cognitoSAMLProviderNameParameterSetCondition",
"No",
"Yes",
],
},
"DefaultLanguage": {
"Ref": "DefaultLanguage",
},
"LoggingLevel": {
"Ref": "LoggingLevel",
},
"StartGlueWorkflow": {
"Ref": "StartGlueWorkflow",
},
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"DefaultApplicationAttributeGroup41AD7209": {
"Properties": {
"Attributes": {
"applicationType": "AWS-Solutions",
"solutionID": "SOxyz",
"solutionName": "ava-test",
"version": "v3.0.1",
},
"Description": "Attribute group for solution information",
"Name": {
"Fn::Join": [
"-",
[
"S01",
{
"Ref": "AWS::Region",
},
{
"Ref": "AWS::StackName",
},
],
],
},
"Tags": {
"SolutionId": "SOxyz",
},
},
"Type": "AWS::ServiceCatalogAppRegistry::AttributeGroup",
},
"DefaultApplicationAttributeGroupApplicationAttributeGroupAssociatione3a1597d92225B35764D": {
"Properties": {
"Application": {
"Fn::GetAtt": [
"ApplicationD9CED6CE",
"Id",
],
},
"AttributeGroup": {
"Fn::GetAtt": [
"DefaultApplicationAttributeGroup41AD7209",
"Id",
],
},
},
"Type": "AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation",
},
"FrontEndAVACognitoPolicy179B97ED": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"cognito-idp:AdminGetUser",
"cognito-idp:AdminListGroupsForUser",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminRemoveUserFromGroup",
],
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"FrontEndCognitoUserPoolFCECA826",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "AVACognitoPolicy",
"Roles": [
{
"Ref": "FrontEndIdentityPoolRole3B0EF954",
},
],
},
"Type": "AWS::IAM::Policy",
},
"FrontEndAVAEventImagePolicy3C5CA89F": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Identity pool needs access to all resources under specific key path folder in website hosting bucket",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
"/public/event-images/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "AVAEventImagePolicy",
"Roles": [
{
"Ref": "FrontEndIdentityPoolRole3B0EF954",
},
],
},
"Type": "AWS::IAM::Policy",
},
"FrontEndAVAIotPolicyFBACDF60": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "To connect IoT and attach IoT policy to Cognito identity cannot specify the specific resources.",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W12",
"reason": "To connect IoT and attach IoT policy to Cognito identity cannot specify the specific resources.",
},
],
},
},
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"iot:AttachPrincipalPolicy",
"iot:Connect",
],
"Effect": "Allow",
"Resource": "*",
},
{
"Action": "iot:Publish",
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topic/ava/issues",
],
],
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topic/ava/groups/*",
],
],
},
],
},
{
"Action": "iot:Subscribe",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topicfilter/ava/groups/*",
],
],
},
},
{
"Action": "iot:Receive",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":iot:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":topic/ava/groups/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "AVAIotPolicy",
"Roles": [
{
"Ref": "FrontEndIdentityPoolRole3B0EF954",
},
],
},
"Type": "AWS::IAM::Policy",
},
"FrontEndAVAListEventImagePolicy7AEACBFC": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "s3:ListBucket",
"Effect": "Allow",
"Resource": {
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "AVAListEventImagePolicy",
"Roles": [
{
"Ref": "FrontEndIdentityPoolRole3B0EF954",
},
],
},
"Type": "AWS::IAM::Policy",
},
"FrontEndAdminGroupAssignmentB768C381": {
"Properties": {
"GroupName": {
"Ref": "FrontEndUserPoolAdminGroupF95B2095",
},
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
"Username": {
"Ref": "FrontEndAdminUser9E173A10",
},
},
"Type": "AWS::Cognito::UserPoolUserToGroupAttachment",
},
"FrontEndAdminUser9E173A10": {
"Properties": {
"DesiredDeliveryMediums": [
"EMAIL",
],
"ForceAliasCreation": true,
"UserAttributes": [
{
"Name": "email",
"Value": {
"Ref": "AdministratorEmail",
},
},
{
"Name": "email_verified",
"Value": "true",
},
],
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
"Username": {
"Ref": "AdministratorEmail",
},
},
"Type": "AWS::Cognito::UserPoolUser",
},
"FrontEndCognitoIdentityPool0FC7D25D": {
"Properties": {
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ClientId": {
"Ref": "FrontEndCognitoUserPoolClientD6B239B2",
},
"ProviderName": {
"Fn::GetAtt": [
"FrontEndCognitoUserPoolFCECA826",
"ProviderName",
],
},
"ServerSideTokenCheck": true,
},
],
},
"Type": "AWS::Cognito::IdentityPool",
},
"FrontEndCognitoSAMLProvider3A7A9A4D": {
"Condition": "FrontEndCognitoSAMLConditionCF14CDB1",
"Properties": {
"AttributeMapping": {
"email": "email",
"family_name": "lastName",
"given_name": "firstName",
},
"ProviderDetails": {
"MetadataURL": {
"Ref": "CognitoSAMLProviderMetadataUrlParameter",
},
},
"ProviderName": {
"Ref": "CognitoSAMLProviderNameParameter",
},
"ProviderType": "SAML",
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"Type": "AWS::Cognito::UserPoolIdentityProvider",
},
"FrontEndCognitoTriggerFunction9B55F185": {
"Condition": "FrontEndCognitoSAMLConditionCF14CDB1",
"DependsOn": [
"FrontEndCognitoTriggerFunctionRoleE1F3DD17",
],
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W89",
"reason": "VPC for Lambda is not needed. This serverless architecture does not deploy a VPC.",
},
{
"id": "W92",
"reason": "ReservedConcurrentExecutions is not needed for this Lambda function.",
},
],
},
},
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3BucketPrefix",
],
},
"-",
{
"Ref": "AWS::Region",
},
],
],
},
"S3Key": {
"Fn::Join": [
"",
[
{
"Fn::FindInMap": [
"Solution",
"Config",
"S3KeyPrefix",
],
},
"/cognito-trigger.zip",
],
],
},
},
"Description": "AVA Test (v3.0.1): Cognito Trigger. Used when a new user is confirmed in the user pool to allow for custom actions to be taken",
"Environment": {
"Variables": {
"LOGGING_LEVEL": {
"Ref": "LoggingLevel",
},
},
},
"Handler": "cognito-trigger/index.handler",
"Role": {
"Fn::GetAtt": [
"FrontEndCognitoTriggerFunctionRoleE1F3DD17",
"Arn",
],
},
"Runtime": "nodejs18.x",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"Timeout": 60,
},
"Type": "AWS::Lambda::Function",
},
"FrontEndCognitoTriggerFunctionPermissionD9EE1B20": {
"Condition": "FrontEndCognitoSAMLConditionCF14CDB1",
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {
"Ref": "FrontEndCognitoTriggerFunction9B55F185",
},
"Principal": "cognito-idp.amazonaws.com",
"SourceArn": {
"Fn::GetAtt": [
"FrontEndCognitoUserPoolFCECA826",
"Arn",
],
},
},
"Type": "AWS::Lambda::Permission",
},
"FrontEndCognitoTriggerFunctionRoleE1F3DD17": {
"Condition": "FrontEndCognitoSAMLConditionCF14CDB1",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-IAM5",
"reason": "Cloudwatch logs policy needs access to all logs arns because it's creating log groups",
},
],
},
},
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":logs:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchLogsPolicy",
},
],
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"FrontEndCognitoUserPoolClientD6B239B2": {
"Properties": {
"AllowedOAuthFlows": [
"code",
],
"AllowedOAuthFlowsUserPoolClient": true,
"AllowedOAuthScopes": [
"phone",
"email",
"openid",
"profile",
"aws.cognito.signin.user.admin",
],
"CallbackURLs": [
{
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0",
"DomainName",
],
},
"/",
],
],
},
],
"ClientName": "ava-userpool-client",
"GenerateSecret": false,
"LogoutURLs": [
{
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0",
"DomainName",
],
},
"/",
],
],
},
],
"PreventUserExistenceErrors": "ENABLED",
"RefreshTokenValidity": 1440,
"SupportedIdentityProviders": {
"Fn::If": [
"FrontEndCognitoSAMLConditionCF14CDB1",
[
"COGNITO",
{
"Ref": "CognitoSAMLProviderNameParameter",
},
],
[
"COGNITO",
],
],
},
"TokenValidityUnits": {
"RefreshToken": "minutes",
},
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"Type": "AWS::Cognito::UserPoolClient",
},
"FrontEndCognitoUserPoolFCECA826": {
"DeletionPolicy": "Retain",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-COG2",
"reason": "MFA not required for this version of the solution",
},
],
},
},
"Properties": {
"AccountRecoverySetting": {
"RecoveryMechanisms": [
{
"Name": "verified_phone_number",
"Priority": 1,
},
{
"Name": "verified_email",
"Priority": 2,
},
],
},
"AdminCreateUserConfig": {
"AllowAdminCreateUserOnly": true,
"InviteMessageTemplate": {
"EmailMessage": {
"Fn::Join": [
"",
[
"
You are invited to join Amazon Virtual Andon. Your temporary password is as follows:
E-Mail: {username}
Password: {####}
Please sign in to Amazon Virtual Andon with your Username (E-Mail) and temporary password provided above at:
https://",
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0",
"DomainName",
],
},
"
",
],
],
},
"EmailSubject": "[AVA Test] - Login Information",
},
},
"EmailVerificationMessage": "The verification code to your new account is {####}",
"EmailVerificationSubject": "Verify your new account",
"LambdaConfig": {
"Fn::If": [
"FrontEndCognitoSAMLConditionCF14CDB1",
{
"PostConfirmation": {
"Fn::GetAtt": [
"FrontEndCognitoTriggerFunction9B55F185",
"Arn",
],
},
},
{},
],
},
"Policies": {
"PasswordPolicy": {
"MinimumLength": 8,
"RequireLowercase": true,
"RequireNumbers": true,
"RequireSymbols": true,
"RequireUppercase": true,
"TemporaryPasswordValidityDays": 7,
},
},
"SmsVerificationMessage": "The verification code to your new account is {####}",
"UserPoolAddOns": {
"AdvancedSecurityMode": "ENFORCED",
},
"UserPoolName": "ava-userpool",
"UserPoolTags": {
"SolutionId": "SOxyz",
},
"VerificationMessageTemplate": {
"DefaultEmailOption": "CONFIRM_WITH_CODE",
"EmailMessage": "The verification code to your new account is {####}",
"EmailSubject": "Verify your new account",
"SmsMessage": "The verification code to your new account is {####}",
},
},
"Type": "AWS::Cognito::UserPool",
"UpdateReplacePolicy": "Retain",
},
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W70",
"reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion",
},
],
},
},
"Properties": {
"DistributionConfig": {
"Comment": "Website Distribution for Amazon Virtual Andon",
"CustomErrorResponses": [
{
"ErrorCode": 403,
"ResponseCode": 200,
"ResponsePagePath": "/index.html",
},
{
"ErrorCode": 404,
"ResponseCode": 200,
"ResponsePagePath": "/index.html",
},
],
"DefaultCacheBehavior": {
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress": true,
"TargetOriginId": "TestStackFrontEndDistributionToS3CloudFrontDistributionOrigin12FCDC222",
"ViewerProtocolPolicy": "redirect-to-https",
},
"DefaultRootObject": "index.html",
"Enabled": true,
"HttpVersion": "http2",
"IPV6Enabled": true,
"Logging": {
"Bucket": {
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudfrontLoggingBucket7A3EE857",
"RegionalDomainName",
],
},
"Prefix": "hosting-cloudfront/",
},
"Origins": [
{
"DomainName": {
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"RegionalDomainName",
],
},
"Id": "TestStackFrontEndDistributionToS3CloudFrontDistributionOrigin12FCDC222",
"S3OriginConfig": {
"OriginAccessIdentity": {
"Fn::Join": [
"",
[
"origin-access-identity/cloudfront/",
{
"Ref": "FrontEndDistributionToS3CloudFrontDistributionOrigin1S3OriginD10E575E",
},
],
],
},
},
},
],
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::CloudFront::Distribution",
},
"FrontEndDistributionToS3CloudFrontDistributionOrigin1S3OriginD10E575E": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
},
"Properties": {
"CloudFrontOriginAccessIdentityConfig": {
"Comment": "Identity for TestStackFrontEndDistributionToS3CloudFrontDistributionOrigin12FCDC222",
},
},
"Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
},
"FrontEndDistributionToS3CloudfrontLoggingBucket7A3EE857": {
"DeletionPolicy": "Retain",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W35",
"reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution",
},
],
},
},
"Properties": {
"AccessControl": "LogDeliveryWrite",
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256",
},
},
],
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter",
},
],
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"VersioningConfiguration": {
"Status": "Enabled",
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"FrontEndDistributionToS3CloudfrontLoggingBucketPolicy9221CD18": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
},
"Properties": {
"Bucket": {
"Ref": "FrontEndDistributionToS3CloudfrontLoggingBucket7A3EE857",
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": {
"AWS": "*",
},
"Resource": [
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudfrontLoggingBucket7A3EE857",
"Arn",
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudfrontLoggingBucket7A3EE857",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"FrontEndDistributionToS3S3Bucket3A171D78": {
"DeletionPolicy": "Retain",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
},
"Properties": {
"AccessControl": "Private",
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256",
},
},
],
},
"LifecycleConfiguration": {
"Rules": [
{
"NoncurrentVersionTransitions": [
{
"StorageClass": "GLACIER",
"TransitionInDays": 90,
},
],
"Status": "Enabled",
},
],
},
"LoggingConfiguration": {
"DestinationBucketName": {
"Ref": "FrontEndDistributionToS3S3LoggingBucket2066AAC9",
},
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"VersioningConfiguration": {
"Status": "Enabled",
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"FrontEndDistributionToS3S3BucketPolicyF3A0315A": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "F16",
"reason": "Public website bucket policy requires a wildcard principal",
},
],
},
},
"Properties": {
"Bucket": {
"Ref": "FrontEndDistributionToS3S3Bucket3A171D78",
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": {
"AWS": "*",
},
"Resource": [
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
"/*",
],
],
},
],
},
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Principal": {
"CanonicalUser": {
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistributionOrigin1S3OriginD10E575E",
"S3CanonicalUserId",
],
},
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
"/*",
],
],
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"FrontEndDistributionToS3S3LoggingBucket2066AAC9": {
"DeletionPolicy": "Retain",
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
"cfn_nag": {
"rules_to_suppress": [
{
"id": "W35",
"reason": "This S3 bucket is used as the access logging bucket for another bucket",
},
],
},
},
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256",
},
},
],
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
"VersioningConfiguration": {
"Status": "Enabled",
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"FrontEndDistributionToS3S3LoggingBucketPolicyC8D5AA8B": {
"Metadata": {
"cdk_nag": {
"rules_to_suppress": [
{
"id": "AwsSolutions-S1",
"reason": "The bucket doesn't have server access logs enabled because it is a logging bucket itself",
},
{
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
{
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
{
"id": "AwsSolutions-CFR4",
"reason": "No control on the solution side as it is using the CloudFront default certificate.",
},
],
},
},
"Properties": {
"Bucket": {
"Ref": "FrontEndDistributionToS3S3LoggingBucket2066AAC9",
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": {
"AWS": "*",
},
"Resource": [
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3LoggingBucket2066AAC9",
"Arn",
],
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3LoggingBucket2066AAC9",
"Arn",
],
},
"/*",
],
],
},
],
},
{
"Action": "s3:PutObject",
"Condition": {
"ArnLike": {
"aws:SourceArn": {
"Fn::GetAtt": [
"FrontEndDistributionToS3S3Bucket3A171D78",
"Arn",
],
},
},
"StringEquals": {
"aws:SourceAccount": {
"Ref": "AWS::AccountId",
},
},
},
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com",
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"FrontEndDistributionToS3S3LoggingBucket2066AAC9",
"Arn",
],
},
"/*",
],
],
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"FrontEndIdentityPoolRole3B0EF954": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated",
},
"StringEquals": {
"cognito-identity.amazonaws.com:aud": {
"Ref": "FrontEndCognitoIdentityPool0FC7D25D",
},
},
},
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Description": "Identity Pool Authenticated Role for AVA Test",
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::IAM::Role",
},
"FrontEndIdentityPoolRoleAttachmentE2CDACAA": {
"Properties": {
"IdentityPoolId": {
"Ref": "FrontEndCognitoIdentityPool0FC7D25D",
},
"Roles": {
"authenticated": {
"Fn::GetAtt": [
"FrontEndIdentityPoolRole3B0EF954",
"Arn",
],
},
},
},
"Type": "AWS::Cognito::IdentityPoolRoleAttachment",
},
"FrontEndPutWebsiteConfigWithOAuthA1FE51D9": {
"Condition": "FrontEndCognitoSAMLConditionCF14CDB1",
"DeletionPolicy": "Delete",
"DependsOn": [
"CommonResourcesSolutionHelperPutWebsiteConfig282170FD",
],
"Properties": {
"Action": "PUT_WEBSITE_CONFIG",
"AndonWebsiteConfig": {
"aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
"aws_appsync_graphqlEndpoint": {
"Fn::GetAtt": [
"BackEndAppSyncApiGraphqlApi7F48FCAE",
"GraphQLUrl",
],
},
"aws_appsync_region": {
"Ref": "AWS::Region",
},
"aws_cognito_identity_pool_id": {
"Ref": "FrontEndCognitoIdentityPool0FC7D25D",
},
"aws_cognito_region": {
"Ref": "AWS::Region",
},
"aws_iot_endpoint": {
"Fn::Join": [
"",
[
"wss://",
{
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstants3C90DC87",
"IotEndpointAddress",
],
},
],
],
},
"aws_iot_policy_name": {
"Ref": "BackEndIoTResourcePolicyE7BCF8FC",
},
"aws_project_region": {
"Ref": "AWS::Region",
},
"aws_user_pools_id": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
"aws_user_pools_web_client_id": {
"Ref": "FrontEndCognitoUserPoolClientD6B239B2",
},
"default_language": {
"Ref": "DefaultLanguage",
},
"oauth": {
"domain": {
"Fn::Join": [
"",
[
{
"Ref": "FrontEndUserPoolDomain4D30EABB",
},
".auth.",
{
"Ref": "AWS::Region",
},
".amazoncognito.com",
],
],
},
"redirectSignIn": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0",
"DomainName",
],
},
"/",
],
],
},
"redirectSignOut": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"FrontEndDistributionToS3CloudFrontDistribution15FE13D0",
"DomainName",
],
},
"/",
],
],
},
"responseType": "code",
"scope": [
"phone",
"email",
"openid",
"profile",
"aws.cognito.signin.user.admin",
],
},
"solutions_metrics_endpoint": "https://metrics.awssolutionsbuilder.com/page",
"solutions_send_metrics": {
"Fn::FindInMap": [
"Solution",
"Config",
"AnonymousUsage",
],
},
"solutions_solutionId": "SOxyz",
"solutions_solutionUuId": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperGenerateSolutionConstants3C90DC87",
"AnonymousDataUUID",
],
},
"solutions_version": "v3.0.1",
"website_bucket": {
"Ref": "FrontEndDistributionToS3S3Bucket3A171D78",
},
},
"AndonWebsiteConfigFileBaseName": "andon_config",
"S3Bucket": {
"Ref": "FrontEndDistributionToS3S3Bucket3A171D78",
},
"ServiceToken": {
"Fn::GetAtt": [
"CommonResourcesSolutionHelperSolutionHelperFunctionAFC2CF30",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"FrontEndUserPoolAdminGroupF95B2095": {
"Properties": {
"Description": "Admin group for Amazon Virtual Andon",
"GroupName": "AdminGroup",
"Precedence": 0,
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"Type": "AWS::Cognito::UserPoolGroup",
},
"FrontEndUserPoolAssociateGroupE20CCB2B": {
"Properties": {
"Description": "Associate group for Amazon Virtual Andon",
"GroupName": "AssociateGroup",
"Precedence": 2,
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"Type": "AWS::Cognito::UserPoolGroup",
},
"FrontEndUserPoolDomain4D30EABB": {
"Condition": "FrontEndCognitoDomainPrefixConditionABB3BBB6",
"Properties": {
"Domain": {
"Ref": "CognitoDomainPrefixParameter",
},
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"Type": "AWS::Cognito::UserPoolDomain",
},
"FrontEndUserPoolEngineerGroup63920F66": {
"Properties": {
"Description": "Engineer group for Amazon Virtual Andon",
"GroupName": "EngineerGroup",
"Precedence": 3,
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"Type": "AWS::Cognito::UserPoolGroup",
},
"FrontEndUserPoolManagerGroup12099DAD": {
"Properties": {
"Description": "Manager group for Amazon Virtual Andon",
"GroupName": "ManagerGroup",
"Precedence": 1,
"UserPoolId": {
"Ref": "FrontEndCognitoUserPoolFCECA826",
},
},
"Type": "AWS::Cognito::UserPoolGroup",
},
"IssueNotificationTopic": {
"Properties": {
"DisplayName": "Amazon Virtual Andon Notifications",
"KmsMasterKeyId": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition",
},
":kms:",
{
"Ref": "AWS::Region",
},
":",
{
"Ref": "AWS::AccountId",
},
":alias/aws/sns",
],
],
},
"Tags": [
{
"Key": "SolutionId",
"Value": "SOxyz",
},
],
},
"Type": "AWS::SNS::Topic",
},
},
}
`;
exports[`utils 1`] = `
{
"Resources": {
"TestTable1": {
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "abc",
"reason": "mock reason",
},
{
"id": "xyz",
"reason": "mock reason",
},
],
},
},
"Type": "AWS::DynamoDB::Table",
},
"TestTable2BDBB502F": {
"DeletionPolicy": "Retain",
"Metadata": {
"cfn_nag": {
"rules_to_suppress": [
{
"id": "xyz",
"reason": "mock reason",
},
],
},
},
"Properties": {
"AttributeDefinitions": [
{
"AttributeName": "name",
"AttributeType": "S",
},
],
"KeySchema": [
{
"AttributeName": "name",
"KeyType": "HASH",
},
],
"ProvisionedThroughput": {
"ReadCapacityUnits": 5,
"WriteCapacityUnits": 5,
},
},
"Type": "AWS::DynamoDB::Table",
"UpdateReplacePolicy": "Retain",
},
},
}
`;