// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`Test default s3-cloudtrail-eventbridge-lambda 1`] = ` { "Parameters": { "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2ArtifactHashA64CF354": { "Description": "Artifact hash for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E": { "Description": "S3 bucket for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418": { "Description": "S3 key for asset version "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, }, "Resources": { "testS3EventDLQ839BF4A0": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "testS3EventDLQPolicy74E4AA3E": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, }, "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com", }, "Resource": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, "Sid": "AllowEventRuletestS3EventS3NotificatonRuleFB8B5F08", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "testS3EventDLQ839BF4A0", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "testS3EventLambdaFunction8AB33E25": { "DependsOn": [ "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "testS3EventLambdaFunctionServiceRole6CCF554A", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, ], ], }, }, "Handler": "lambda_function/handler", "Role": { "Fn::GetAtt": [ "testS3EventLambdaFunctionServiceRole6CCF554A", "Arn", ], }, "Runtime": "python3.9", "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "testS3EventLambdaFunctionEventBusInvokeLambdaF35C0558": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "testS3EventLambdaFunctionServiceRole6CCF554A": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "Roles": [ { "Ref": "testS3EventLambdaFunctionServiceRole6CCF554A", }, ], }, "Type": "AWS::IAM::Policy", }, "testS3EventS3Bucket525E215C": { "DeletionPolicy": "Retain", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "LifecycleConfiguration": { "Rules": [ { "NoncurrentVersionTransitions": [ { "StorageClass": "GLACIER", "TransitionInDays": 90, }, ], "Status": "Enabled", }, ], }, "LoggingConfiguration": { "LogFilePrefix": "testS3Event/", }, "NotificationConfiguration": { "EventBridgeConfiguration": { "EventBridgeEnabled": true, }, }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3BucketPolicy946F38A9": { "Properties": { "Bucket": { "Ref": "testS3EventS3Bucket525E215C", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3LoggingBucketC506C02D": { "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W35", "reason": "This S3 bucket is used as the access logging bucket for another bucket", }, ], }, }, "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3LoggingBucketPolicyA0414D81": { "Properties": { "Bucket": { "Ref": "testS3EventS3LoggingBucketC506C02D", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3NotificatonRule8F37C4C1": { "Properties": { "EventPattern": { "detail-type": [ "Object Created", ], "source": [ "aws.s3", ], }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "DeadLetterConfig": { "Arn": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, }, "Id": "Target0", "RetryPolicy": { "MaximumEventAgeInSeconds": 86400, "MaximumRetryAttempts": 10, }, }, ], }, "Type": "AWS::Events::Rule", }, "testS3EventS3NotificatonRuleAllowEventRuletestS3EventLambdaFunction52D821FDD9EA56B7": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, }, } `; exports[`Test when an existing bucket is provided 1`] = ` { "Parameters": { "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2ArtifactHashA64CF354": { "Description": "Artifact hash for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E": { "Description": "S3 bucket for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418": { "Description": "S3 key for asset version "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, }, "Resources": { "testBucketDF4D7D1A": { "DeletionPolicy": "Retain", "Properties": { "BucketName": "testbucket", "NotificationConfiguration": { "EventBridgeConfiguration": { "EventBridgeEnabled": true, }, }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventDLQ839BF4A0": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "testS3EventDLQPolicy74E4AA3E": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, }, "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com", }, "Resource": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, "Sid": "AllowEventRuletestS3EventS3NotificatonRuleFB8B5F08", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "testS3EventDLQ839BF4A0", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "testS3EventLambdaFunction8AB33E25": { "DependsOn": [ "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "testS3EventLambdaFunctionServiceRole6CCF554A", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, ], ], }, }, "Handler": "lambda_function/handler", "Role": { "Fn::GetAtt": [ "testS3EventLambdaFunctionServiceRole6CCF554A", "Arn", ], }, "Runtime": "python3.9", "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "testS3EventLambdaFunctionEventBusInvokeLambdaF35C0558": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "testS3EventLambdaFunctionServiceRole6CCF554A": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "testBucketDF4D7D1A", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testBucketDF4D7D1A", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "Roles": [ { "Ref": "testS3EventLambdaFunctionServiceRole6CCF554A", }, ], }, "Type": "AWS::IAM::Policy", }, "testS3EventS3NotificatonRule8F37C4C1": { "Properties": { "EventPattern": { "detail-type": [ "Object Created", ], "source": [ "aws.s3", ], }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "DeadLetterConfig": { "Arn": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, }, "Id": "Target0", "RetryPolicy": { "MaximumEventAgeInSeconds": 86400, "MaximumRetryAttempts": 10, }, }, ], }, "Type": "AWS::Events::Rule", }, "testS3EventS3NotificatonRuleAllowEventRuletestS3EventLambdaFunction52D821FDD9EA56B7": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, }, } `; exports[`Test when an existing lambda is provided 1`] = ` { "Parameters": { "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2ArtifactHashA64CF354": { "Description": "Artifact hash for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E": { "Description": "S3 bucket for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418": { "Description": "S3 key for asset version "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, }, "Resources": { "testS3EventDLQ839BF4A0": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "testS3EventDLQPolicy74E4AA3E": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, }, "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com", }, "Resource": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, "Sid": "AllowEventRuletestS3EventS3NotificatonRuleFB8B5F08", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "testS3EventDLQ839BF4A0", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "testS3EventS3Bucket525E215C": { "DeletionPolicy": "Retain", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "LifecycleConfiguration": { "Rules": [ { "NoncurrentVersionTransitions": [ { "StorageClass": "GLACIER", "TransitionInDays": 90, }, ], "Status": "Enabled", }, ], }, "LoggingConfiguration": { "LogFilePrefix": "testS3Event/", }, "NotificationConfiguration": { "EventBridgeConfiguration": { "EventBridgeEnabled": true, }, }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3BucketPolicy946F38A9": { "Properties": { "Bucket": { "Ref": "testS3EventS3Bucket525E215C", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3LoggingBucketC506C02D": { "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W35", "reason": "This S3 bucket is used as the access logging bucket for another bucket", }, ], }, }, "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3LoggingBucketPolicyA0414D81": { "Properties": { "Bucket": { "Ref": "testS3EventS3LoggingBucketC506C02D", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3NotificatonRule8F37C4C1": { "Properties": { "EventPattern": { "detail-type": [ "Object Created", ], "source": [ "aws.s3", ], }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "testfunctionF063FA06", "Arn", ], }, "DeadLetterConfig": { "Arn": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, }, "Id": "Target0", "RetryPolicy": { "MaximumEventAgeInSeconds": 86400, "MaximumRetryAttempts": 10, }, }, ], }, "Type": "AWS::Events::Rule", }, "testS3EventS3NotificatonRuleAllowEventRuletestfunction1814BECA": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testfunctionF063FA06", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "testfunctionEventBusInvokeLambda54674379": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testfunctionF063FA06", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "testfunctionF063FA06": { "DependsOn": [ "testfunctionServiceRoleDefaultPolicy0B4726C0", "testfunctionServiceRoleD84755D8", ], "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, ], ], }, }, "Handler": "lambda_function/handler", "Role": { "Fn::GetAtt": [ "testfunctionServiceRoleD84755D8", "Arn", ], }, "Runtime": "python3.9", }, "Type": "AWS::Lambda::Function", }, "testfunctionServiceRoleD84755D8": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, "testfunctionServiceRoleDefaultPolicy0B4726C0": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "testfunctionServiceRoleDefaultPolicy0B4726C0", "Roles": [ { "Ref": "testfunctionServiceRoleD84755D8", }, ], }, "Type": "AWS::IAM::Policy", }, }, } `; exports[`Test when event props are provided 1`] = ` { "Parameters": { "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2ArtifactHashA64CF354": { "Description": "Artifact hash for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E": { "Description": "S3 bucket for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418": { "Description": "S3 key for asset version "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, }, "Resources": { "testS3EventDLQ839BF4A0": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "testS3EventDLQPolicy74E4AA3E": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, }, "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com", }, "Resource": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, "Sid": "AllowEventRuletestS3EventS3NotificatonRuleFB8B5F08", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "testS3EventDLQ839BF4A0", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "testS3EventLambdaFunction8AB33E25": { "DependsOn": [ "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "testS3EventLambdaFunctionServiceRole6CCF554A", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, ], ], }, }, "Handler": "lambda_function/handler", "Role": { "Fn::GetAtt": [ "testS3EventLambdaFunctionServiceRole6CCF554A", "Arn", ], }, "Runtime": "python3.9", "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "testS3EventLambdaFunctionEventBusInvokeLambdaF35C0558": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "testS3EventLambdaFunctionServiceRole6CCF554A": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "Roles": [ { "Ref": "testS3EventLambdaFunctionServiceRole6CCF554A", }, ], }, "Type": "AWS::IAM::Policy", }, "testS3EventS3Bucket525E215C": { "DeletionPolicy": "Retain", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "LifecycleConfiguration": { "Rules": [ { "NoncurrentVersionTransitions": [ { "StorageClass": "GLACIER", "TransitionInDays": 90, }, ], "Status": "Enabled", }, ], }, "LoggingConfiguration": { "LogFilePrefix": "testS3Event/", }, "NotificationConfiguration": { "EventBridgeConfiguration": { "EventBridgeEnabled": true, }, }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3BucketPolicy946F38A9": { "Properties": { "Bucket": { "Ref": "testS3EventS3Bucket525E215C", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3LoggingBucketC506C02D": { "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W35", "reason": "This S3 bucket is used as the access logging bucket for another bucket", }, ], }, }, "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3LoggingBucketPolicyA0414D81": { "Properties": { "Bucket": { "Ref": "testS3EventS3LoggingBucketC506C02D", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3NotificatonRule8F37C4C1": { "Properties": { "EventPattern": { "detail": { "eventName": [ "fakeEvent1", "fakeEvent2", ], "eventSource": [ "fake.amazonaws.com", ], }, "detail-type": [ "Test API Call Event", ], "source": [ "aws.fake.event", ], }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "DeadLetterConfig": { "Arn": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, }, "Id": "Target0", "RetryPolicy": { "MaximumEventAgeInSeconds": 86400, "MaximumRetryAttempts": 10, }, }, ], }, "Type": "AWS::Events::Rule", }, "testS3EventS3NotificatonRuleAllowEventRuletestS3EventLambdaFunction52D821FDD9EA56B7": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, }, } `; exports[`Use bucket props to create a bucket 1`] = ` { "Parameters": { "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2ArtifactHashA64CF354": { "Description": "Artifact hash for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E": { "Description": "S3 bucket for asset "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418": { "Description": "S3 key for asset version "01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2"", "Type": "String", }, }, "Resources": { "testS3EventDLQ839BF4A0": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "testS3EventDLQPolicy74E4AA3E": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Condition": { "ArnEquals": { "aws:SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, }, "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com", }, "Resource": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, "Sid": "AllowEventRuletestS3EventS3NotificatonRuleFB8B5F08", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "testS3EventDLQ839BF4A0", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "testS3EventLambdaFunction8AB33E25": { "DependsOn": [ "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "testS3EventLambdaFunctionServiceRole6CCF554A", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3Bucket4324637E", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters01b85b6bcec6f183b1c3cf712ea48cb15a099a7acc142c83e1be16e20190b9b2S3VersionKey24346418", }, ], }, ], }, ], ], }, }, "Handler": "lambda_function/handler", "Role": { "Fn::GetAtt": [ "testS3EventLambdaFunctionServiceRole6CCF554A", "Arn", ], }, "Runtime": "python3.9", "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "testS3EventLambdaFunctionEventBusInvokeLambdaF35C0558": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "testS3EventLambdaFunctionServiceRole6CCF554A": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "testS3EventLambdaFunctionServiceRoleDefaultPolicyA1097FFE", "Roles": [ { "Ref": "testS3EventLambdaFunctionServiceRole6CCF554A", }, ], }, "Type": "AWS::IAM::Policy", }, "testS3EventS3Bucket525E215C": { "DeletionPolicy": "Retain", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "BucketName": "bucketpropsprovided", "LifecycleConfiguration": { "Rules": [ { "NoncurrentVersionTransitions": [ { "StorageClass": "GLACIER", "TransitionInDays": 90, }, ], "Status": "Enabled", }, ], }, "LoggingConfiguration": { "LogFilePrefix": "testS3Event/", }, "NotificationConfiguration": { "EventBridgeConfiguration": { "EventBridgeEnabled": true, }, }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3BucketPolicy946F38A9": { "Properties": { "Bucket": { "Ref": "testS3EventS3Bucket525E215C", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3Bucket525E215C", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3LoggingBucketC506C02D": { "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W35", "reason": "This S3 bucket is used as the access logging bucket for another bucket", }, ], }, }, "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "testS3EventS3LoggingBucketPolicyA0414D81": { "Properties": { "Bucket": { "Ref": "testS3EventS3LoggingBucketC506C02D", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "testS3EventS3LoggingBucketC506C02D", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "testS3EventS3NotificatonRule8F37C4C1": { "Properties": { "EventPattern": { "detail-type": [ "Object Created", ], "source": [ "aws.s3", ], }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "DeadLetterConfig": { "Arn": { "Fn::GetAtt": [ "testS3EventDLQ839BF4A0", "Arn", ], }, }, "Id": "Target0", "RetryPolicy": { "MaximumEventAgeInSeconds": 86400, "MaximumRetryAttempts": 10, }, }, ], }, "Type": "AWS::Events::Rule", }, "testS3EventS3NotificatonRuleAllowEventRuletestS3EventLambdaFunction52D821FDD9EA56B7": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "testS3EventLambdaFunction8AB33E25", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "testS3EventS3NotificatonRule8F37C4C1", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, }, } `;