// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`stack snapshots 1`] = ` Object { "Description": "(SO0190-CommonStack) - Automated Data Analytics on AWS. Version v1.2.0", "Outputs": Object { "AdaCommonStackAccessLogBucketB5B66FEDArn": Object { "Value": Object { "Fn::GetAtt": Array [ "AccessLogBucket", "Arn", ], }, }, "AdaCommonStackAccessLogBucketB5B66FEDRef": Object { "Value": Object { "Ref": "AccessLogBucket", }, }, "AdaCommonStackAccessLogBucketB5B66FEDRegionalDomainName": Object { "Value": Object { "Fn::GetAtt": Array [ "AccessLogBucket", "RegionalDomainName", ], }, }, "AdaCommonStackAthenaOutputBucketFB25B94DArn": Object { "Value": Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, }, "AdaCommonStackAthenaOutputBucketFB25B94DDomainName": Object { "Value": Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "DomainName", ], }, }, "AdaCommonStackAthenaOutputBucketFB25B94DRef": Object { "Value": Object { "Ref": "AthenaOutputBucket", }, }, "AdaCommonStackAthenaOutputBucketFB25B94DRegionalDomainName": Object { "Value": Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "RegionalDomainName", ], }, }, "AdaCommonStackCachedQueryTableADA4A480Arn": Object { "Value": Object { "Fn::GetAtt": Array [ "CachedQueryTable", "Arn", ], }, }, "AdaCommonStackCachedQueryTableADA4A480Ref": Object { "Value": Object { "Ref": "CachedQueryTable", }, }, "AdaCommonStackCounterTable5D6ADA16Arn": Object { "Value": Object { "Fn::GetAtt": Array [ "CounterTable", "Arn", ], }, }, "AdaCommonStackCounterTable5D6ADA16Ref": Object { "Value": Object { "Ref": "CounterTable", }, }, "AdaCommonStackEntityManagementTablesLocksC922FC29Arn": Object { "Value": Object { "Fn::GetAtt": Array [ "Locks", "Arn", ], }, }, "AdaCommonStackEntityManagementTablesLocksC922FC29Ref": Object { "Value": Object { "Ref": "Locks", }, }, "AdaCommonStackEntityManagementTablesRelationshipsAA870878Arn": Object { "Value": Object { "Fn::GetAtt": Array [ "Relationships", "Arn", ], }, }, "AdaCommonStackEntityManagementTablesRelationshipsAA870878Ref": Object { "Value": Object { "Ref": "Relationships", }, }, "AdaCommonStackExecuteAthenaQueryLambdaRole106600ADArn": Object { "Value": Object { "Fn::GetAtt": Array [ "ExecuteAthenaQueryLambdaRoleB59A4264", "Arn", ], }, }, "AdaCommonStackKeyInternalTokenE7D6550EArn": Object { "Value": Object { "Fn::GetAtt": Array [ "KeyInternalToken6B9BC430", "Arn", ], }, }, "AdaCommonStackKeyInternalTokenE7D6550ERef": Object { "Value": Object { "Ref": "KeyInternalToken6B9BC430", }, }, }, "Parameters": Object { "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyBucketKeyAthenaOutputBucket0D9D1563Arn": Object { "Type": "String", }, "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyTableCachedQueryTableFD9290A0Arn": Object { "Type": "String", }, "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyTableLocks696688D7Arn": Object { "Type": "String", }, "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyTableRelationships0CDF4443Arn": Object { "Type": "String", }, }, "Resources": Object { "AWS679F53Fac002430Cb0Da5B7982Bd22872D164C4C": Object { "DependsOn": Array [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", ], "Properties": Object { "Code": Object { "S3Bucket": "cdk-#####", "S3Key": "cdkhash######.zip", }, "Handler": "index.handler", "Role": Object { "Fn::GetAtt": Array [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", "Arn", ], }, "Runtime": "nodejs14.x", "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], "Timeout": 120, }, "Type": "AWS::Lambda::Function", }, "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::IAM::Role", }, "AccessLogBucket": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W35", "reason": "No need to enable access logs on the access log bucket!", }, ], }, }, "Properties": Object { "AccessControl": "LogDeliveryWrite", "BucketEncryption": Object { "ServerSideEncryptionConfiguration": Array [ Object { "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "AES256", }, }, ], }, "OwnershipControls": Object { "Rules": Array [ Object { "ObjectOwnership": "BucketOwnerPreferred", }, ], }, "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, Object { "Key": "aws-cdk:auto-delete-objects", "Value": "true", }, ], "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", }, "AccessLogBucketAutoDeleteObjectsCustomResource01AB31E8": Object { "DeletionPolicy": "Delete", "DependsOn": Array [ "AccessLogBucketPolicyF52D2D01", ], "Properties": Object { "BucketName": Object { "Ref": "AccessLogBucket", }, "ServiceToken": Object { "Fn::GetAtt": Array [ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn", ], }, }, "Type": "Custom::S3AutoDeleteObjects", "UpdateReplacePolicy": "Delete", }, "AccessLogBucketPolicyF52D2D01": Object { "Properties": Object { "Bucket": Object { "Ref": "AccessLogBucket", }, "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:*", "Condition": Object { "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": Object { "AWS": "*", }, "Resource": Array [ Object { "Fn::GetAtt": Array [ "AccessLogBucket", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "AccessLogBucket", "Arn", ], }, "/*", ], ], }, ], }, Object { "Action": Array [ "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", ], "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::GetAtt": Array [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, }, "Resource": Array [ Object { "Fn::GetAtt": Array [ "AccessLogBucket", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "AccessLogBucket", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "AppRegistryAssociation": Object { "Properties": Object { "Application": Object { "Fn::Join": Array [ "-", Array [ "Automated-Data-Analysis-on-AWS", Object { "Ref": "AWS::Region", }, Object { "Ref": "AWS::AccountId", }, ], ], }, "Resource": Object { "Ref": "AWS::StackId", }, "ResourceType": "CFN_STACK", }, "Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation", }, "AthenaOutputBucket": Object { "DeletionPolicy": "Delete", "Properties": Object { "BucketEncryption": Object { "ServerSideEncryptionConfiguration": Array [ Object { "ServerSideEncryptionByDefault": Object { "KMSMasterKeyID": Object { "Ref": "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyBucketKeyAthenaOutputBucket0D9D1563Arn", }, "SSEAlgorithm": "aws:kms", }, }, ], }, "LoggingConfiguration": Object { "DestinationBucketName": Object { "Ref": "AccessLogBucket", }, "LogFilePrefix": "athena-output-logs/", }, "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, Object { "Key": "aws-cdk:auto-delete-objects", "Value": "true", }, ], "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", }, "AthenaOutputBucketAutoDeleteObjectsCustomResource6478248F": Object { "DeletionPolicy": "Delete", "DependsOn": Array [ "AthenaOutputBucketPolicyFC31EEB8", ], "Properties": Object { "BucketName": Object { "Ref": "AthenaOutputBucket", }, "ServiceToken": Object { "Fn::GetAtt": Array [ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn", ], }, }, "Type": "Custom::S3AutoDeleteObjects", "UpdateReplacePolicy": "Delete", }, "AthenaOutputBucketPolicyFC31EEB8": Object { "Properties": Object { "Bucket": Object { "Ref": "AthenaOutputBucket", }, "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:*", "Condition": Object { "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": Object { "AWS": "*", }, "Resource": Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, "/*", ], ], }, ], }, Object { "Action": Array [ "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", ], "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::GetAtt": Array [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, }, "Resource": Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, "/*", ], ], }, ], }, Object { "Action": Array [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*", ], "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::GetAtt": Array [ "ExecuteAthenaQueryLambdaRoleB59A4264", "Arn", ], }, }, "Resource": Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "CachedQueryTable": Object { "DeletionPolicy": "Delete", "Properties": Object { "AttributeDefinitions": Array [ Object { "AttributeName": "cacheId", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": Array [ Object { "AttributeName": "cacheId", "KeyType": "HASH", }, ], "PointInTimeRecoverySpecification": Object { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": Object { "KMSMasterKeyId": Object { "Ref": "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyTableCachedQueryTableFD9290A0Arn", }, "SSEEnabled": true, "SSEType": "KMS", }, "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Delete", }, "CachedQueryTableCounterInitialization24FDD65F": Object { "DeletionPolicy": "Delete", "DependsOn": Array [ "CachedQueryTableCounterInitializationCustomResourcePolicyBDD82FD8", ], "Properties": Object { "Create": Object { "Fn::Join": Array [ "", Array [ "{\\"service\\":\\"DynamoDB\\",\\"action\\":\\"putItem\\",\\"parameters\\":{\\"TableName\\":\\"", Object { "Ref": "CounterTable", }, "\\",\\"Item\\":{\\"tableName\\":{\\"S\\":\\"", Object { "Ref": "CachedQueryTable", }, "\\"},\\"count\\":{\\"N\\":\\"0\\"}}},\\"physicalResourceId\\":{\\"id\\":\\"CachedQueryTable-9658\\"}}", ], ], }, "InstallLatestAwsSdk": true, "ServiceToken": Object { "Fn::GetAtt": Array [ "AWS679F53Fac002430Cb0Da5B7982Bd22872D164C4C", "Arn", ], }, }, "Type": "Custom::AWS", "UpdateReplacePolicy": "Delete", }, "CachedQueryTableCounterInitializationCustomResourcePolicyBDD82FD8": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "dynamodb:PutItem", "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "CounterTable", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "CachedQueryTableCounterInitializationCustomResourcePolicyBDD82FD8", "Roles": Array [ Object { "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", }, ], }, "Type": "AWS::IAM::Policy", }, "CounterTable": Object { "DeletionPolicy": "Delete", "Properties": Object { "AttributeDefinitions": Array [ Object { "AttributeName": "tableName", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": Array [ Object { "AttributeName": "tableName", "KeyType": "HASH", }, ], "PointInTimeRecoverySpecification": Object { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": Object { "SSEEnabled": true, }, "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Delete", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": Object { "DependsOn": Array [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", ], "Properties": Object { "Code": Object { "S3Bucket": "cdk-#####", "S3Key": "cdkhash######.zip", }, "Description": Object { "Fn::Join": Array [ "", Array [ "Lambda function for auto-deleting objects in ", Object { "Ref": "AccessLogBucket", }, " S3 bucket.", ], ], }, "Handler": "__entrypoint__.handler", "MemorySize": 128, "Role": Object { "Fn::GetAtt": Array [ "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", }, ], }, "Type": "AWS::IAM::Role", }, "ExecuteAthenaQueryLambdaRoleB59A4264": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::1111111111:root", ], ], }, }, }, Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, Object { "Action": "sts:TagSession", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::1111111111:root", ], ], }, }, }, ], "Version": "2012-10-17", }, "Description": "Role created by data product service to be assumed by athena query executor Lambda", "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::IAM::Role", }, "ExecuteAthenaQueryLambdaRoleDefaultPolicy7AAE8659": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "Read access to all S3 buckets granted since dynamic grants limit number of data products significantly", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "s3:List*", "s3:Get*", "s3:Describe*", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "kms:Decrypt*", "kms:Encrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*", "kms:List*", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "AthenaOutputBucket", "Arn", ], }, "/*", ], ], }, ], }, Object { "Action": Array [ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", ], "Effect": "Allow", "Resource": Object { "Ref": "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyBucketKeyAthenaOutputBucket0D9D1563Arn", }, }, ], "Version": "2012-10-17", }, "PolicyName": "ExecuteAthenaQueryLambdaRoleDefaultPolicy7AAE8659", "Roles": Array [ Object { "Ref": "ExecuteAthenaQueryLambdaRoleB59A4264", }, ], }, "Type": "AWS::IAM::Policy", }, "InternalTokenSecrectInstance19AEE18E": Object { "DeletionPolicy": "Delete", "Properties": Object { "ServiceToken": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectProviderFrameworkOnEvent8545A5CC", "Arn", ], }, }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "InternalTokenSecrectProviderFrameworkOnEvent8545A5CC": Object { "DependsOn": Array [ "InternalTokenSecrectProviderframeworkonEventServiceRoleDefaultPolicy79235001", "InternalTokenSecrectProviderframeworkonEventServiceRoleFAE0E56A", ], "Properties": Object { "Code": Object { "S3Bucket": "cdk-#####", "S3Key": "cdkhash######.zip", }, "Description": "AWS CDK resource provider framework - onEvent (Ada/CommonStack/InternalToken/Secrect/Provider)", "Environment": Object { "Variables": Object { "USER_ON_EVENT_FUNCTION_ARN": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectWriteLambdaF5EC2E48", "Arn", ], }, }, }, "Handler": "framework.onEvent", "Role": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectProviderframeworkonEventServiceRoleFAE0E56A", "Arn", ], }, "Runtime": "nodejs14.x", "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], "Timeout": 900, }, "Type": "AWS::Lambda::Function", }, "InternalTokenSecrectProviderframeworkonEventServiceRoleDefaultPolicy79235001": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "InternalTokenSecrectWriteLambdaF5EC2E48", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "InternalTokenSecrectWriteLambdaF5EC2E48", "Arn", ], }, ":*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "InternalTokenSecrectProviderframeworkonEventServiceRoleDefaultPolicy79235001", "Roles": Array [ Object { "Ref": "InternalTokenSecrectProviderframeworkonEventServiceRoleFAE0E56A", }, ], }, "Type": "AWS::IAM::Policy", }, "InternalTokenSecrectProviderframeworkonEventServiceRoleFAE0E56A": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::IAM::Role", }, "InternalTokenSecrectRotationLambdaB773FD59": Object { "DependsOn": Array [ "InternalTokenSecrectRotationLambdaServiceRoleDefaultPolicy7DDEA94B", "InternalTokenSecrectRotationLambdaServiceRole5FF40BED", ], "Properties": Object { "Architectures": Array [ "x86_64", ], "Code": Object { "S3Bucket": "cdk-#####", "S3Key": "cdkhash######.zip", }, "Description": "TypescriptFunction Ada/CommonStack/InternalToken/Secrect/RotationLambda of rotate-secret.ts", "Environment": Object { "Variables": Object { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "KEY_ID": Object { "Ref": "KeyInternalToken6B9BC430", }, "SECRET_NAME": "sign-internal-token2855ghashx", }, }, "Handler": "index.handler", "MemorySize": 1024, "Role": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectRotationLambdaServiceRole5FF40BED", "Arn", ], }, "Runtime": "nodejs16.x", "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], "Timeout": 30, "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "InternalTokenSecrectRotationLambdaInvokeN0A2GKfZP0JmDqDEVhhu6A0TUv3NyNbk4YMFKNc83FC692A": Object { "Properties": Object { "Action": "lambda:InvokeFunction", "FunctionName": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectRotationLambdaB773FD59", "Arn", ], }, "Principal": "secretsmanager.amazonaws.com", }, "Type": "AWS::Lambda::Permission", }, "InternalTokenSecrectRotationLambdaServiceRole5FF40BED": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::IAM::Role", }, "InternalTokenSecrectRotationLambdaServiceRoleDefaultPolicy7DDEA94B": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "kms:GenerateDataKey", "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "KeyInternalToken6B9BC430", "Arn", ], }, }, Object { "Action": Array [ "secretsManager:GetSecretValue", "secretsManager:PutSecretValue", "secretsManager:DescribeSecret", "secretsManager:UpdateSecretVersionStage", ], "Effect": "Allow", "Resource": Object { "Ref": "InternalTokenSecrectSecret3C76F640", }, }, Object { "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", "secretsmanager:UpdateSecretVersionStage", ], "Effect": "Allow", "Resource": Object { "Ref": "InternalTokenSecrectSecret3C76F640", }, }, Object { "Action": "secretsmanager:GetRandomPassword", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "InternalTokenSecrectRotationLambdaServiceRoleDefaultPolicy7DDEA94B", "Roles": Array [ Object { "Ref": "InternalTokenSecrectRotationLambdaServiceRole5FF40BED", }, ], }, "Type": "AWS::IAM::Policy", }, "InternalTokenSecrectSecret3C76F640": Object { "DeletionPolicy": "Delete", "Properties": Object { "GenerateSecretString": Object {}, "KmsKeyId": Object { "Fn::GetAtt": Array [ "KeyInternalToken6B9BC430", "Arn", ], }, "Name": "sign-internal-token2855ghashx", "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::SecretsManager::Secret", "UpdateReplacePolicy": "Delete", }, "InternalTokenSecrectSecretAutoRotateSecret83D34BCD": Object { "Properties": Object { "RotationLambdaARN": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectRotationLambdaB773FD59", "Arn", ], }, "RotationRules": Object { "AutomaticallyAfterDays": 90, }, "SecretId": Object { "Ref": "InternalTokenSecrectSecret3C76F640", }, }, "Type": "AWS::SecretsManager::RotationSchedule", }, "InternalTokenSecrectSecretPolicyAB1E82DC": Object { "Properties": Object { "ResourcePolicy": Object { "Statement": Array [ Object { "Action": "secretsmanager:DeleteSecret", "Effect": "Deny", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::1111111111:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, "SecretId": Object { "Ref": "InternalTokenSecrectSecret3C76F640", }, }, "Type": "AWS::SecretsManager::ResourcePolicy", }, "InternalTokenSecrectWriteLambdaF5EC2E48": Object { "DependsOn": Array [ "InternalTokenSecrectWriteLambdaServiceRoleDefaultPolicy0226AC16", "InternalTokenSecrectWriteLambdaServiceRoleA6E80932", ], "Properties": Object { "Architectures": Array [ "x86_64", ], "Code": Object { "S3Bucket": "cdk-#####", "S3Key": "cdkhash######.zip", }, "Description": "TypescriptFunction Ada/CommonStack/InternalToken/Secrect/WriteLambda of write-secret.ts", "Environment": Object { "Variables": Object { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "KEY_ID": Object { "Ref": "KeyInternalToken6B9BC430", }, "SECRET_NAME": "sign-internal-token2855ghashx", }, }, "Handler": "index.handler", "MemorySize": 1024, "Role": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectWriteLambdaServiceRoleA6E80932", "Arn", ], }, "Runtime": "nodejs16.x", "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], "Timeout": 30, "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "InternalTokenSecrectWriteLambdaServiceRoleA6E80932": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::IAM::Role", }, "InternalTokenSecrectWriteLambdaServiceRoleDefaultPolicy0226AC16": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "kms:GenerateDataKey", "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "KeyInternalToken6B9BC430", "Arn", ], }, }, Object { "Action": Array [ "secretsManager:GetSecretValue", "secretsManager:PutSecretValue", ], "Effect": "Allow", "Resource": Object { "Ref": "InternalTokenSecrectSecret3C76F640", }, }, Object { "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "InternalTokenSecrectWriteLambdaServiceRoleDefaultPolicy0226AC16", "Roles": Array [ Object { "Ref": "InternalTokenSecrectWriteLambdaServiceRoleA6E80932", }, ], }, "Type": "AWS::IAM::Policy", }, "KeyInternalToken6B9BC430": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "kms:* and account principal required to prevent cirucular dependencies and to prevent unmanageable keys - recommended https://github.com/aws/aws-cdk/tree/main/packages/%40aws-cdk/aws-kms#key-policies", }, ], }, }, "Properties": Object { "EnableKeyRotation": true, "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::1111111111:root", ], ], }, }, "Resource": "*", }, Object { "Action": Array [ "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", ], "Condition": Object { "StringEquals": Object { "kms:ViaService": "secretsmanager.ap-southeast-1.amazonaws.com", }, }, "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::1111111111:root", ], ], }, }, "Resource": "*", }, Object { "Action": Array [ "kms:CreateGrant", "kms:DescribeKey", ], "Condition": Object { "StringEquals": Object { "kms:ViaService": "secretsmanager.ap-southeast-1.amazonaws.com", }, }, "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::1111111111:root", ], ], }, }, "Resource": "*", }, Object { "Action": Array [ "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", ], "Condition": Object { "StringEquals": Object { "kms:ViaService": "secretsmanager.ap-southeast-1.amazonaws.com", }, }, "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::GetAtt": Array [ "InternalTokenSecrectRotationLambdaServiceRole5FF40BED", "Arn", ], }, }, "Resource": "*", }, Object { "Action": "kms:Decrypt", "Condition": Object { "StringEquals": Object { "kms:CallerAccount": "1111111111", }, }, "Effect": "Allow", "Principal": Object { "AWS": "arn:aws:iam::1111111111:root", "Service": "lambda.amazonaws.com", }, "Resource": "*", }, ], "Version": "2012-10-17", }, "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Delete", }, "KeyInternalTokenAlias4403EE9E": Object { "Properties": Object { "AliasName": "alias/ada/internal-token/ghashx", "TargetKeyId": Object { "Fn::GetAtt": Array [ "KeyInternalToken6B9BC430", "Arn", ], }, }, "Type": "AWS::KMS::Alias", }, "Locks": Object { "DeletionPolicy": "Delete", "Properties": Object { "AttributeDefinitions": Array [ Object { "AttributeName": "entityIdentifier", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": Array [ Object { "AttributeName": "entityIdentifier", "KeyType": "HASH", }, ], "PointInTimeRecoverySpecification": Object { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": Object { "KMSMasterKeyId": Object { "Ref": "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyTableLocks696688D7Arn", }, "SSEEnabled": true, "SSEType": "KMS", }, "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Delete", }, "Relationships": Object { "DeletionPolicy": "Delete", "Properties": Object { "AttributeDefinitions": Array [ Object { "AttributeName": "left", "AttributeType": "S", }, Object { "AttributeName": "right", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": Array [ Object { "AttributeName": "left", "KeyType": "HASH", }, Object { "AttributeName": "right", "KeyType": "RANGE", }, ], "PointInTimeRecoverySpecification": Object { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": Object { "KMSMasterKeyId": Object { "Ref": "referencetoAdaKMSStackNestedStackKMSStackNestedStackResourceA6F3CE60OutputsAdaKMSStackKeyTableRelationships0CDF4443Arn", }, "SSEEnabled": true, "SSEType": "KMS", }, "Tags": Array [ Object { "Key": "Application", "Value": "Ada", }, ], }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Delete", }, }, } `;