// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`test orchestration construct 1`] = ` { "Mappings": { "ServiceprincipalMap": { "af-south-1": { "states": "states.af-south-1.amazonaws.com", }, "ap-east-1": { "states": "states.ap-east-1.amazonaws.com", }, "ap-northeast-1": { "states": "states.ap-northeast-1.amazonaws.com", }, "ap-northeast-2": { "states": "states.ap-northeast-2.amazonaws.com", }, "ap-northeast-3": { "states": "states.ap-northeast-3.amazonaws.com", }, "ap-south-1": { "states": "states.ap-south-1.amazonaws.com", }, "ap-southeast-1": { "states": "states.ap-southeast-1.amazonaws.com", }, "ap-southeast-2": { "states": "states.ap-southeast-2.amazonaws.com", }, "ap-southeast-3": { "states": "states.ap-southeast-3.amazonaws.com", }, "ca-central-1": { "states": "states.ca-central-1.amazonaws.com", }, "cn-north-1": { "states": "states.cn-north-1.amazonaws.com", }, "cn-northwest-1": { "states": "states.cn-northwest-1.amazonaws.com", }, "eu-central-1": { "states": "states.eu-central-1.amazonaws.com", }, "eu-north-1": { "states": "states.eu-north-1.amazonaws.com", }, "eu-south-1": { "states": "states.eu-south-1.amazonaws.com", }, "eu-south-2": { "states": "states.eu-south-2.amazonaws.com", }, "eu-west-1": { "states": "states.eu-west-1.amazonaws.com", }, "eu-west-2": { "states": "states.eu-west-2.amazonaws.com", }, "eu-west-3": { "states": "states.eu-west-3.amazonaws.com", }, "me-south-1": { "states": "states.me-south-1.amazonaws.com", }, "sa-east-1": { "states": "states.sa-east-1.amazonaws.com", }, "us-east-1": { "states": "states.us-east-1.amazonaws.com", }, "us-east-2": { "states": "states.us-east-2.amazonaws.com", }, "us-gov-east-1": { "states": "states.us-gov-east-1.amazonaws.com", }, "us-gov-west-1": { "states": "states.us-gov-west-1.amazonaws.com", }, "us-iso-east-1": { "states": "states.amazonaws.com", }, "us-iso-west-1": { "states": "states.amazonaws.com", }, "us-isob-east-1": { "states": "states.amazonaws.com", }, "us-west-1": { "states": "states.us-west-1.amazonaws.com", }, "us-west-2": { "states": "states.us-west-2.amazonaws.com", }, }, }, "Parameters": { "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1ArtifactHash957DA7A7": { "Description": "Artifact hash for asset "299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1"", "Type": "String", }, "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3Bucket76FDBA17": { "Description": "S3 bucket for asset "299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1"", "Type": "String", }, "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3VersionKey11642BB1": { "Description": "S3 key for asset version "299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1"", "Type": "String", }, "AssetParameters7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566ArtifactHash77EFF9E3": { "Description": "Artifact hash for asset "7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566"", "Type": "String", }, "AssetParameters7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566S3BucketCEE53B1D": { "Description": "S3 bucket for asset "7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566"", "Type": "String", }, "AssetParameters7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566S3VersionKey4FECF295": { "Description": "S3 key for asset version "7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566"", "Type": "String", }, "AssetParametersb698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537ArtifactHashAC894B22": { "Description": "Artifact hash for asset "b698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537"", "Type": "String", }, "AssetParametersb698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537S3Bucket59CF3236": { "Description": "S3 bucket for asset "b698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537"", "Type": "String", }, "AssetParametersb698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537S3VersionKeyAB3868BB": { "Description": "S3 key for asset version "b698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537"", "Type": "String", }, "AssetParametersccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963ArtifactHashD5E3FECD": { "Description": "Artifact hash for asset "ccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963"", "Type": "String", }, "AssetParametersccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963S3BucketD96E2447": { "Description": "S3 bucket for asset "ccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963"", "Type": "String", }, "AssetParametersccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963S3VersionKey63253A44": { "Description": "S3 key for asset version "ccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963"", "Type": "String", }, "AssetParametersddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09deArtifactHash76A9D27D": { "Description": "Artifact hash for asset "ddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09de"", "Type": "String", }, "AssetParametersddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09deS3BucketB94F8B5E": { "Description": "S3 bucket for asset "ddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09de"", "Type": "String", }, "AssetParametersddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09deS3VersionKeyC1149646": { "Description": "S3 key for asset version "ddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09de"", "Type": "String", }, "AssetParametersf53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25ArtifactHash64677A03": { "Description": "Artifact hash for asset "f53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25"", "Type": "String", }, "AssetParametersf53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25S3BucketA8A8D8EA": { "Description": "S3 bucket for asset "f53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25"", "Type": "String", }, "AssetParametersf53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25S3VersionKeyC5F02257": { "Description": "S3 key for asset version "f53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25"", "Type": "String", }, }, "Resources": { "AccessLogD598EBE9": { "DeletionPolicy": "Retain", "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "AccessLogPolicy4B3DB856": { "Properties": { "Bucket": { "Ref": "AccessLogD598EBE9", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "AccessLogD598EBE9", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "AccessLogD598EBE9", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "s3:PutObject", "Condition": { "ArnLike": { "aws:SourceArn": [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, ], }, "StringEquals": { "aws:SourceAccount": { "Ref": "AWS::AccountId", }, }, }, "Effect": "Allow", "Principal": { "Service": "logging.s3.amazonaws.com", }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "AccessLogD598EBE9", "Arn", ], }, "/OrchestrationConstruct*", ], ], }, "Sid": "OrchestrationConstructAccessLogsPolicy", }, { "Action": "s3:PutObject", "Condition": { "ArnLike": { "aws:SourceArn": [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, ], }, "StringEquals": { "aws:SourceAccount": { "Ref": "AWS::AccountId", }, }, }, "Effect": "Allow", "Principal": { "Service": "logging.s3.amazonaws.com", }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "AccessLogD598EBE9", "Arn", ], }, "/OrchestrationConstruct*", ], ], }, "Sid": "OrchestrationConstructAccessLogsPolicy", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "OrchestrationConstructDetectLangLambdaStateMachineTaskD76F5818": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "State machine resource not available, hence defaulting to "*"", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "states:SendTaskSuccess", "states:sendTaskFailure", "states:SendTaskHeartbeat", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructDetectLangLambdaStateMachineTaskD76F5818", "Roles": [ { "Ref": "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRole190A36AD", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructDetectLangTaskLambdaFunctionA1732E57": { "DependsOn": [ "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRoleDefaultPolicy2E7A77EC", "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRole190A36AD", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09deS3BucketB94F8B5E", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09deS3VersionKeyC1149646", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersddb200cc4a5fb224af52699667dce6c0f3d6b26689d19da07b7a51eddb9f09deS3VersionKeyC1149646", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "DEFAULT_LANGAUGE": "en", }, }, "Handler": "index.handler", "ReservedConcurrentExecutions": 15, "Role": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRole190A36AD", "Arn", ], }, "Runtime": "nodejs14.x", "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRole190A36AD": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRoleDefaultPolicy2E7A77EC": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskqueue7F10D52E", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRoleDefaultPolicy2E7A77EC", "Roles": [ { "Ref": "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRole190A36AD", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructDetectLangTaskLambdaFunctionSqsEventSourceOrchestrationConstructDetectLangTaskqueue72BE2B80C7EA3FD7": { "Properties": { "BatchSize": 1, "Enabled": true, "EventSourceArn": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskqueue7F10D52E", "Arn", ], }, "FunctionName": { "Ref": "OrchestrationConstructDetectLangTaskLambdaFunctionA1732E57", }, }, "Type": "AWS::Lambda::EventSourceMapping", }, "OrchestrationConstructDetectLangTaskdeadLetterQueueE78FDBEF": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructDetectLangTaskdeadLetterQueuePolicyEB453143": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskdeadLetterQueueE78FDBEF", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskdeadLetterQueueE78FDBEF", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructDetectLangTaskdeadLetterQueueE78FDBEF", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructDetectLangTaskqueue7F10D52E": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", "RedrivePolicy": { "deadLetterTargetArn": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskdeadLetterQueueE78FDBEF", "Arn", ], }, "maxReceiveCount": 15, }, "VisibilityTimeout": 3600, }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructDetectLangTaskqueuePolicyD611F169": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskqueue7F10D52E", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskqueue7F10D52E", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructDetectLangTaskqueue7F10D52E", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructImageAnalysisLambdaStateMachineTask2428A01B": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "State machine resource not available, hence defaulting to "*"", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "states:SendTaskSuccess", "states:sendTaskFailure", "states:SendTaskHeartbeat", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructImageAnalysisLambdaStateMachineTask2428A01B", "Roles": [ { "Ref": "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRole9751CC46", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructImageAnalysisTaskLambdaFunction683EE119": { "DependsOn": [ "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRoleDefaultPolicy001FDAC9", "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRole9751CC46", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3Bucket76FDBA17", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3VersionKey11642BB1", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3VersionKey11642BB1", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "S3_BUCKET_NAME": { "Ref": "OrchestrationConstructImageBucketS3Bucket20418E23", }, }, }, "Handler": "index.handler", "ReservedConcurrentExecutions": 15, "Role": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRole9751CC46", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 900, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRole9751CC46": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRoleDefaultPolicy001FDAC9": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskqueue25D79D1F", "Arn", ], }, }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject*", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRoleDefaultPolicy001FDAC9", "Roles": [ { "Ref": "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRole9751CC46", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructImageAnalysisTaskLambdaFunctionSqsEventSourceOrchestrationConstructImageAnalysisTaskqueue3AE3A2A312A31520": { "Properties": { "BatchSize": 1, "Enabled": true, "EventSourceArn": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskqueue25D79D1F", "Arn", ], }, "FunctionName": { "Ref": "OrchestrationConstructImageAnalysisTaskLambdaFunction683EE119", }, }, "Type": "AWS::Lambda::EventSourceMapping", }, "OrchestrationConstructImageAnalysisTaskdeadLetterQueue1BC38F55": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructImageAnalysisTaskdeadLetterQueuePolicy14893B98": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskdeadLetterQueue1BC38F55", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskdeadLetterQueue1BC38F55", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructImageAnalysisTaskdeadLetterQueue1BC38F55", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructImageAnalysisTaskqueue25D79D1F": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", "RedrivePolicy": { "deadLetterTargetArn": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskdeadLetterQueue1BC38F55", "Arn", ], }, "maxReceiveCount": 15, }, "VisibilityTimeout": 3600, }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructImageAnalysisTaskqueuePolicyA1A79F51": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskqueue25D79D1F", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskqueue25D79D1F", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructImageAnalysisTaskqueue25D79D1F", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructImageBucketS3Bucket20418E23": { "DeletionPolicy": "Retain", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "AccessLogD598EBE9", }, "LogFilePrefix": "OrchestrationConstruct/", }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "OrchestrationConstructImageBucketS3BucketPolicy6A71B078": { "Properties": { "Bucket": { "Ref": "OrchestrationConstructImageBucketS3Bucket20418E23", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, "/*", ], ], }, ], }, { "Action": [ "s3:List*", "s3:Get*", ], "Effect": "Allow", "Principal": { "Service": "rekognition.amazonaws.com", }, "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "OrchestrationConstructLabelsRekAnalyzeC2C4DA03": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "The * resource allows lambda function to access Amazon Rekognition services. The Rekognition services do not have a resource arn. This permission is retricted to the lambda function responsible for accessing the Amazon Rekognition service", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "rekognition:detectModerationLabels", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructLabelsRekAnalyzeC2C4DA03", "Roles": [ { "Ref": "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRole93530097", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructLambdaComprehendPolicy140F9123": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "The * resource allows lambda function to access Amazon Comprehend services. The comprehend services not have a resource arn. This permission is retricted to the lambda function responsible for accessing the Amazon Comprehend service", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "comprehend:DetectSentiment", "comprehend:DetectEntities", "comprehend:DetectKeyPhrases", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructLambdaComprehendPolicy140F9123", "Roles": [ { "Ref": "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleF3C02291", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructLambdaDetectLangPolicy011B8203": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "The * resource allows lambda function to access Amazon Comprehend services. The comprehend services not have a resource arn. This permission is retricted to the lambda function responsible for accessing the Amazon Comprehend service", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "comprehend:DetectDominantLanguage", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructLambdaDetectLangPolicy011B8203", "Roles": [ { "Ref": "OrchestrationConstructDetectLangTaskLambdaFunctionServiceRole190A36AD", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructLambdaEventBusPolicy557A2842": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "events:PutEvents", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "TestEventBus12626D66", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructLambdaEventBusPolicy557A2842", "Roles": [ { "Ref": "OrchestrationConstructPublishEventsLambdaFunctionServiceRole4EA0B6AB", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructModerationLabelsLambdaStateMachineTask677FB728": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "State machine resource not available, hence defaulting to "*"", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "states:SendTaskSuccess", "states:sendTaskFailure", "states:SendTaskHeartbeat", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructModerationLabelsLambdaStateMachineTask677FB728", "Roles": [ { "Ref": "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRole93530097", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructModerationLabelsTaskLambdaFunction5DCF7649": { "DependsOn": [ "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRoleDefaultPolicyB7910F2E", "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRole93530097", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963S3BucketD96E2447", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963S3VersionKey63253A44", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersccac79611787e4082ad2c4e7d7412d0de9dc15921b150b46c5d4815b45d7b963S3VersionKey63253A44", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "S3_BUCKET_NAME": { "Ref": "OrchestrationConstructImageBucketS3Bucket20418E23", }, }, }, "Handler": "index.handler", "ReservedConcurrentExecutions": 15, "Role": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRole93530097", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 300, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRole93530097": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRoleDefaultPolicyB7910F2E": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6", "Arn", ], }, }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject*", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructImageBucketS3Bucket20418E23", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRoleDefaultPolicyB7910F2E", "Roles": [ { "Ref": "OrchestrationConstructModerationLabelsTaskLambdaFunctionServiceRole93530097", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructModerationLabelsTaskLambdaFunctionSqsEventSourceOrchestrationConstructModerationLabelsTaskqueue7A8DECA2C5E887A0": { "Properties": { "BatchSize": 1, "Enabled": true, "EventSourceArn": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6", "Arn", ], }, "FunctionName": { "Ref": "OrchestrationConstructModerationLabelsTaskLambdaFunction5DCF7649", }, }, "Type": "AWS::Lambda::EventSourceMapping", }, "OrchestrationConstructModerationLabelsTaskdeadLetterQueue2881344E": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructModerationLabelsTaskdeadLetterQueuePolicyDAB7CA39": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskdeadLetterQueue2881344E", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskdeadLetterQueue2881344E", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructModerationLabelsTaskdeadLetterQueue2881344E", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", "RedrivePolicy": { "deadLetterTargetArn": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskdeadLetterQueue2881344E", "Arn", ], }, "maxReceiveCount": 15, }, "VisibilityTimeout": 3600, }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructModerationLabelsTaskqueuePolicy33E02C08": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructNEWSFEEDSRawForTAFirehoseRole5CC2062D": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "firehose.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructNEWSFEEDSRawForTAFirehoseRoleDefaultPolicy6D304A4C": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject*", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructNEWSFEEDSRawForTAFirehoseRoleDefaultPolicy6D304A4C", "Roles": [ { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAFirehoseRole5CC2062D", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehose020698CF": { "DependsOn": [ "OrchestrationConstructNEWSFEEDSRawForTAFirehoseRoleDefaultPolicy6D304A4C", "OrchestrationConstructNEWSFEEDSRawForTAFirehoseRole5CC2062D", ], "Properties": { "DeliveryStreamEncryptionConfigurationInput": { "KeyType": "AWS_OWNED_CMK", }, "DeliveryStreamType": "DirectPut", "ExtendedS3DestinationConfiguration": { "BucketARN": { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, "BufferingHints": { "IntervalInSeconds": 600, "SizeInMBs": 128, }, "CloudWatchLoggingOptions": { "Enabled": true, "LogGroupName": { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehosefirehoseloggroup0BA96DC5", }, "LogStreamName": { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehosefirehoseloggroupfirehoselogstreamAFB30C3B", }, }, "CompressionFormat": "UNCOMPRESSED", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":kms:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":alias/aws/s3", ], ], }, }, }, "Prefix": "newsfeeds/", "RoleARN": { "Fn::GetAtt": [ "OrchestrationConstructNEWSFEEDSRawForTAFirehoseRole5CC2062D", "Arn", ], }, }, }, "Type": "AWS::KinesisFirehose::DeliveryStream", }, "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehoseKinesisFirehosePolicy532D1803": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "logs:PutLogEvents", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehosefirehoseloggroup0BA96DC5", }, ":log-stream:", { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehosefirehoseloggroupfirehoselogstreamAFB30C3B", }, ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehoseKinesisFirehosePolicy532D1803", "Roles": [ { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehoseKinesisFirehoseRoleDE2C9E27", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehoseKinesisFirehoseRoleDE2C9E27": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "firehose.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehosefirehoseloggroup0BA96DC5": { "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W86", "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", }, { "id": "W84", "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", }, ], }, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehosefirehoseloggroupfirehoselogstreamAFB30C3B": { "DeletionPolicy": "Retain", "Properties": { "LogGroupName": { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehosefirehoseloggroup0BA96DC5", }, }, "Type": "AWS::Logs::LogStream", "UpdateReplacePolicy": "Retain", }, "OrchestrationConstructPublishEventsLambdaFunctionE1376EA6": { "DependsOn": [ "OrchestrationConstructPublishEventsLambdaFunctionServiceRoleDefaultPolicy320C691C", "OrchestrationConstructPublishEventsLambdaFunctionServiceRole4EA0B6AB", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersb698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537S3Bucket59CF3236", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersb698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537S3VersionKeyAB3868BB", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersb698e17c71e40cf3e7e16b201f4f643a6f9c5d31fa42ffc38c5e361520b75537S3VersionKeyAB3868BB", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "EVENT_BUS_NAME": { "Ref": "TestEventBus12626D66", }, "EVENT_NAMESPACE": "com.test.text", }, }, "Handler": "index.handler", "MemorySize": 256, "Role": { "Fn::GetAtt": [ "OrchestrationConstructPublishEventsLambdaFunctionServiceRole4EA0B6AB", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 300, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "OrchestrationConstructPublishEventsLambdaFunctionServiceRole4EA0B6AB": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructPublishEventsLambdaFunctionServiceRoleDefaultPolicy320C691C": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructPublishEventsLambdaFunctionServiceRoleDefaultPolicy320C691C", "Roles": [ { "Ref": "OrchestrationConstructPublishEventsLambdaFunctionServiceRole4EA0B6AB", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructS3Bucket2727DF68": { "DeletionPolicy": "Retain", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256", }, }, ], }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "AccessLogD598EBE9", }, "LogFilePrefix": "OrchestrationConstruct/", }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "OrchestrationConstructS3BucketPolicy84DB4878": { "Properties": { "Bucket": { "Ref": "OrchestrationConstructS3Bucket2727DF68", }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWExecutionAbortedAlarm0651F077": { "Properties": { "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "Dimensions": [ { "Name": "StateMachineArn", "Value": { "Ref": "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineC4881B23", }, }, ], "EvaluationPeriods": 1, "MetricName": "ExecutionsAborted", "Namespace": "AWS/States", "Period": 300, "Statistic": "Maximum", "Threshold": 1, }, "Type": "AWS::CloudWatch::Alarm", }, "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWExecutionFailedAlarmBB7AE32E": { "Properties": { "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "Dimensions": [ { "Name": "StateMachineArn", "Value": { "Ref": "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineC4881B23", }, }, ], "EvaluationPeriods": 1, "MetricName": "ExecutionsFailed", "Namespace": "AWS/States", "Period": 300, "Statistic": "Sum", "Threshold": 1, }, "Type": "AWS::CloudWatch::Alarm", }, "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWExecutionThrottledAlarmEC6C19C5": { "Properties": { "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "Dimensions": [ { "Name": "StateMachineArn", "Value": { "Ref": "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineC4881B23", }, }, ], "EvaluationPeriods": 1, "MetricName": "ExecutionThrottled", "Namespace": "AWS/States", "Period": 300, "Statistic": "Sum", "Threshold": 1, }, "Type": "AWS::CloudWatch::Alarm", }, "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineC4881B23": { "DependsOn": [ "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineRoleDefaultPolicy1DE677E7", "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineRole3460ED4F", ], "Properties": { "DefinitionString": { "Fn::Join": [ "", [ "{"StartAt":"LanguageAvailable?","States":{"LanguageAvailable?":{"Type":"Choice","Comment":"Check if the language is available","InputPath":"$","Choices":[{"Variable":"$.feed.lang","IsPresent":false,"Next":"DetectLangSendMessage"},{"Variable":"$.feed.lang","StringEquals":"und","Next":"DetectLangSendMessage"},{"Variable":"$.feed.lang","StringEquals":"None","Next":"DetectLangSendMessage"}],"Default":"ImageAnalysisSendMessage"},"ImageAnalysisSendMessage":{"Next":"TextImageSplitProcess","Retry":[{"ErrorEquals":["States.ALL"],"IntervalSeconds":3,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"ImageAnalysisTaskFailed"}],"Type":"Task","TimeoutSeconds":86400,"HeartbeatSeconds":43200,"OutputPath":"$","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::sqs:sendMessage.waitForTaskToken","Parameters":{"QueueUrl":"", { "Ref": "OrchestrationConstructImageAnalysisTaskqueue25D79D1F", }, "","MessageBody":{"input.$":"$","taskToken.$":"$$.Task.Token"}}},"DetectLangSendMessage":{"Next":"ImageAnalysisSendMessage","Retry":[{"ErrorEquals":["States.ALL"],"IntervalSeconds":3,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"DetectLangTaskFailed"}],"Type":"Task","TimeoutSeconds":86400,"HeartbeatSeconds":43200,"OutputPath":"$","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::sqs:sendMessage.waitForTaskToken","Parameters":{"QueueUrl":"", { "Ref": "OrchestrationConstructDetectLangTaskqueue7F10D52E", }, "","MessageBody":{"input.$":"$","taskToken.$":"$$.Task.Token"}}},"DetectLangTaskFailed":{"Type":"Fail","Cause":"$.cause"},"TextImageSplitProcess":{"Type":"Parallel","Comment":"Parallely process Text and Image","Next":"MergeJson","InputPath":"$","OutputPath":"$","Branches":[{"StartAt":"ModerationLabelsSendMessage","States":{"ModerationLabelsSendMessage":{"End":true,"Retry":[{"ErrorEquals":["States.ALL"],"IntervalSeconds":3,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"ModerationLabelsTaskFailed"}],"Type":"Task","TimeoutSeconds":86400,"HeartbeatSeconds":43200,"OutputPath":"$.moderation_labels_in_imgs","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::sqs:sendMessage.waitForTaskToken","Parameters":{"QueueUrl":"", { "Ref": "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6", }, "","MessageBody":{"input.$":"$","taskToken.$":"$$.Task.Token"}}},"ModerationLabelsTaskFailed":{"Type":"Fail","Cause":"$.cause"}}},{"StartAt":"TranslateSendMessage","States":{"TranslateSendMessage":{"Next":"TextAnalysisSendMessage","Retry":[{"ErrorEquals":["States.ALL"],"IntervalSeconds":3,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"TranslateTaskFailed"}],"Type":"Task","TimeoutSeconds":86400,"HeartbeatSeconds":43200,"OutputPath":"$","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::sqs:sendMessage.waitForTaskToken","Parameters":{"QueueUrl":"", { "Ref": "OrchestrationConstructTranslateTaskqueueA95723A7", }, "","MessageBody":{"input.$":"$","taskToken.$":"$$.Task.Token"}}},"TextAnalysisSendMessage":{"End":true,"Retry":[{"ErrorEquals":["States.ALL"],"IntervalSeconds":3,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"TextAnalysisTaskFailed"}],"Type":"Task","TimeoutSeconds":86400,"HeartbeatSeconds":43200,"OutputPath":"$","Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::sqs:sendMessage.waitForTaskToken","Parameters":{"QueueUrl":"", { "Ref": "OrchestrationConstructTextAnalysisTaskqueueDF7049B0", }, "","MessageBody":{"input.$":"$","taskToken.$":"$$.Task.Token"}}},"TextAnalysisTaskFailed":{"Type":"Fail","Cause":"$.cause"},"TranslateTaskFailed":{"Type":"Fail","Cause":"$.cause"}}}]},"MergeJson":{"Type":"Pass","Parameters":{"account_name.$":"$[1].account_name","platform.$":"$[1].platform","search_query.$":"$[1].search_query","feed.$":"$[1].feed","Sentiment.$":"$[1].Sentiment","SentimentScore.$":"$[1].SentimentScore","KeyPhrases.$":"$[1].KeyPhrases","Entities.$":"$[1].Entities","moderation_labels_in_imgs.$":"$[0]","text_in_images.$":"$[1].text_in_images"},"Next":"PublishEvents"},"PublishEvents":{"Next":"Success","Retry":[{"ErrorEquals":["Lambda.ServiceException","Lambda.AWSLambdaException","Lambda.SdkClientException"],"IntervalSeconds":2,"MaxAttempts":6,"BackoffRate":2}],"Catch":[{"ErrorEquals":["States.ALL"],"Next":"PublishEventsTaskFailed"}],"Type":"Task","HeartbeatSeconds":900,"Resource":"arn:", { "Ref": "AWS::Partition", }, ":states:::lambda:invoke","Parameters":{"FunctionName":"", { "Fn::GetAtt": [ "OrchestrationConstructPublishEventsLambdaFunctionE1376EA6", "Arn", ], }, "","Payload.$":"$"}},"Success":{"Type":"Succeed"},"PublishEventsTaskFailed":{"Type":"Fail","Cause":"$.cause"},"ImageAnalysisTaskFailed":{"Type":"Fail","Cause":"$.cause"}}}", ], ], }, "LoggingConfiguration": { "Destinations": [ { "CloudWatchLogsLogGroup": { "LogGroupArn": { "Fn::GetAtt": [ "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineLogGroup0B218F30", "Arn", ], }, }, }, ], "Level": "ERROR", }, "RoleArn": { "Fn::GetAtt": [ "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineRole3460ED4F", "Arn", ], }, }, "Type": "AWS::StepFunctions::StateMachine", }, "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineLogGroup0B218F30": { "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W86", "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", }, { "id": "W84", "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", }, ], }, }, "Properties": { "LogGroupName": "/aws/vendedlogs/states/defaultworkflowenginewstatemachinelog2ac7be90cd8f", }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineRole3460ED4F": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": { "Fn::FindInMap": [ "ServiceprincipalMap", { "Ref": "AWS::Region", }, "states", ], }, }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineRoleDefaultPolicy1DE677E7": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W76", "reason": "The statemachine invokes multiple lambdas and the policy is narrowed down to the specific lambda resource arn. Hence it has multiple policy statements resulting in a higher SPCM value", }, { "id": "W12", "reason": "The "LogDelivery" actions do not support resource-level authorization", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", ], "Effect": "Allow", "Resource": "*", }, { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructImageAnalysisTaskqueue25D79D1F", "Arn", ], }, }, { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructDetectLangTaskqueue7F10D52E", "Arn", ], }, }, { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructPublishEventsLambdaFunctionE1376EA6", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructPublishEventsLambdaFunctionE1376EA6", "Arn", ], }, ":*", ], ], }, ], }, { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructModerationLabelsTaskqueueEFF25AE6", "Arn", ], }, }, { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskqueueA95723A7", "Arn", ], }, }, { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskqueueDF7049B0", "Arn", ], }, }, { "Action": [ "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineRoleDefaultPolicy1DE677E7", "Roles": [ { "Ref": "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineRole3460ED4F", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTWITTERRawForTAFirehoseRoleDefaultPolicy7D44D56C": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject*", "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTWITTERRawForTAFirehoseRoleDefaultPolicy7D44D56C", "Roles": [ { "Ref": "OrchestrationConstructTWITTERRawForTAFirehoseRoleEB1640D9", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTWITTERRawForTAFirehoseRoleEB1640D9": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "firehose.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructTWITTERRawForTAKinesisFirehose7EC25066": { "DependsOn": [ "OrchestrationConstructTWITTERRawForTAFirehoseRoleDefaultPolicy7D44D56C", "OrchestrationConstructTWITTERRawForTAFirehoseRoleEB1640D9", ], "Properties": { "DeliveryStreamEncryptionConfigurationInput": { "KeyType": "AWS_OWNED_CMK", }, "DeliveryStreamType": "DirectPut", "ExtendedS3DestinationConfiguration": { "BucketARN": { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, "BufferingHints": { "IntervalInSeconds": 600, "SizeInMBs": 128, }, "CloudWatchLoggingOptions": { "Enabled": true, "LogGroupName": { "Ref": "OrchestrationConstructTWITTERRawForTAKinesisFirehosefirehoseloggroupD86A6349", }, "LogStreamName": { "Ref": "OrchestrationConstructTWITTERRawForTAKinesisFirehosefirehoseloggroupfirehoselogstream70339ABC", }, }, "CompressionFormat": "UNCOMPRESSED", "EncryptionConfiguration": { "KMSEncryptionConfig": { "AWSKMSKeyARN": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":kms:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":alias/aws/s3", ], ], }, }, }, "Prefix": "twitter/", "RoleARN": { "Fn::GetAtt": [ "OrchestrationConstructTWITTERRawForTAFirehoseRoleEB1640D9", "Arn", ], }, }, }, "Type": "AWS::KinesisFirehose::DeliveryStream", }, "OrchestrationConstructTWITTERRawForTAKinesisFirehoseKinesisFirehosePolicy8191D081": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "OrchestrationConstructS3Bucket2727DF68", "Arn", ], }, "/*", ], ], }, ], }, { "Action": "logs:PutLogEvents", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:", { "Ref": "OrchestrationConstructTWITTERRawForTAKinesisFirehosefirehoseloggroupD86A6349", }, ":log-stream:", { "Ref": "OrchestrationConstructTWITTERRawForTAKinesisFirehosefirehoseloggroupfirehoselogstream70339ABC", }, ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTWITTERRawForTAKinesisFirehoseKinesisFirehosePolicy8191D081", "Roles": [ { "Ref": "OrchestrationConstructTWITTERRawForTAKinesisFirehoseKinesisFirehoseRoleB89EAC4F", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTWITTERRawForTAKinesisFirehoseKinesisFirehoseRoleB89EAC4F": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "firehose.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructTWITTERRawForTAKinesisFirehosefirehoseloggroupD86A6349": { "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W86", "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", }, { "id": "W84", "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", }, ], }, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "OrchestrationConstructTWITTERRawForTAKinesisFirehosefirehoseloggroupfirehoselogstream70339ABC": { "DeletionPolicy": "Retain", "Properties": { "LogGroupName": { "Ref": "OrchestrationConstructTWITTERRawForTAKinesisFirehosefirehoseloggroupD86A6349", }, }, "Type": "AWS::Logs::LogStream", "UpdateReplacePolicy": "Retain", }, "OrchestrationConstructTextAnalysisLambdaStateMachineTaskD87DC9CC": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "State machine resource not available, hence defaulting to "*"", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "states:SendTaskSuccess", "states:sendTaskFailure", "states:SendTaskHeartbeat", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTextAnalysisLambdaStateMachineTaskD87DC9CC", "Roles": [ { "Ref": "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleF3C02291", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTextAnalysisTaskLambdaFunctionDEF36561": { "DependsOn": [ "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleDefaultPolicy2664BA58", "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleF3C02291", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566S3BucketCEE53B1D", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566S3VersionKey4FECF295", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters7f8a28135926e236abcf6230f1fe0a163a37a28e3dcd147d41bb1d4c9bb04566S3VersionKey4FECF295", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", }, }, "Handler": "index.handler", "ReservedConcurrentExecutions": 15, "Role": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleF3C02291", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 300, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleDefaultPolicy2664BA58": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskqueueDF7049B0", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleDefaultPolicy2664BA58", "Roles": [ { "Ref": "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleF3C02291", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTextAnalysisTaskLambdaFunctionServiceRoleF3C02291": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructTextAnalysisTaskLambdaFunctionSqsEventSourceOrchestrationConstructTextAnalysisTaskqueue8C431D71CAE99670": { "Properties": { "BatchSize": 1, "Enabled": true, "EventSourceArn": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskqueueDF7049B0", "Arn", ], }, "FunctionName": { "Ref": "OrchestrationConstructTextAnalysisTaskLambdaFunctionDEF36561", }, }, "Type": "AWS::Lambda::EventSourceMapping", }, "OrchestrationConstructTextAnalysisTaskdeadLetterQueueAA58BD95": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructTextAnalysisTaskdeadLetterQueuePolicy730FE874": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskdeadLetterQueueAA58BD95", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskdeadLetterQueueAA58BD95", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructTextAnalysisTaskdeadLetterQueueAA58BD95", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructTextAnalysisTaskqueueDF7049B0": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", "RedrivePolicy": { "deadLetterTargetArn": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskdeadLetterQueueAA58BD95", "Arn", ], }, "maxReceiveCount": 15, }, "VisibilityTimeout": 3600, }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructTextAnalysisTaskqueuePolicy6CBE94D6": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskqueueDF7049B0", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTextAnalysisTaskqueueDF7049B0", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructTextAnalysisTaskqueueDF7049B0", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructTextRekAnalyze15062BBD": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "The * resource allows lambda function to access Amazon Rekognition services. The Rekognition services do not have a resource arn. This permission is retricted to the lambda function responsible for accessing the Amazon Rekognition service", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "rekognition:detectText", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTextRekAnalyze15062BBD", "Roles": [ { "Ref": "OrchestrationConstructImageAnalysisTaskLambdaFunctionServiceRole9751CC46", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTranslateLambdaAED204A7": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "The * resource allows lambda function to access Amazon Translate services. The translate services do not have a resource arn. This permission is retricted to the lambda function responsible for accessing the Amazon Translate service", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "translate:translateText", "Effect": "Allow", "Resource": "*", }, { "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "OrchestrationConstructTWITTERRawForTAKinesisFirehose7EC25066", "Arn", ], }, { "Fn::GetAtt": [ "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehose020698CF", "Arn", ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTranslateLambdaAED204A7", "Roles": [ { "Ref": "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleF1213170", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTranslateLambdaStateMachineTask4781921E": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "State machine resource not available, hence defaulting to "*"", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "states:SendTaskSuccess", "states:sendTaskFailure", "states:SendTaskHeartbeat", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTranslateLambdaStateMachineTask4781921E", "Roles": [ { "Ref": "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleF1213170", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTranslateTaskLambdaFunction88C60D75": { "DependsOn": [ "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleDefaultPolicy8A260F88", "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleF1213170", ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParametersf53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25S3BucketA8A8D8EA", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParametersf53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25S3VersionKeyC5F02257", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParametersf53297b8b4f846ee863a1218f7b9452f3b9c1e129e17b71a3b696a25f40e1a25S3VersionKeyC5F02257", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", "KINESIS_FIREHOSE_FOR_NEWSFEEDS": { "Ref": "OrchestrationConstructNEWSFEEDSRawForTAKinesisFirehose020698CF", }, "KINESIS_FIREHOSE_FOR_TWITTER": { "Ref": "OrchestrationConstructTWITTERRawForTAKinesisFirehose7EC25066", }, }, }, "Handler": "index.handler", "ReservedConcurrentExecutions": 7, "Role": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleF1213170", "Arn", ], }, "Runtime": "nodejs14.x", "Timeout": 300, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleDefaultPolicy8A260F88": { "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskqueueA95723A7", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleDefaultPolicy8A260F88", "Roles": [ { "Ref": "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleF1213170", }, ], }, "Type": "AWS::IAM::Policy", }, "OrchestrationConstructTranslateTaskLambdaFunctionServiceRoleF1213170": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":logs:", { "Ref": "AWS::Region", }, ":", { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "OrchestrationConstructTranslateTaskLambdaFunctionSqsEventSourceOrchestrationConstructTranslateTaskqueue010D1DDB1D774C1E": { "Properties": { "BatchSize": 1, "Enabled": true, "EventSourceArn": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskqueueA95723A7", "Arn", ], }, "FunctionName": { "Ref": "OrchestrationConstructTranslateTaskLambdaFunction88C60D75", }, }, "Type": "AWS::Lambda::EventSourceMapping", }, "OrchestrationConstructTranslateTaskdeadLetterQueue7F36E302": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructTranslateTaskdeadLetterQueuePolicy44E11384": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskdeadLetterQueue7F36E302", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskdeadLetterQueue7F36E302", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructTranslateTaskdeadLetterQueue7F36E302", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "OrchestrationConstructTranslateTaskqueueA95723A7": { "DeletionPolicy": "Delete", "Properties": { "KmsMasterKeyId": "alias/aws/sqs", "RedrivePolicy": { "deadLetterTargetArn": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskdeadLetterQueue7F36E302", "Arn", ], }, "maxReceiveCount": 15, }, "VisibilityTimeout": 36000, }, "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", }, "OrchestrationConstructTranslateTaskqueuePolicy1BB3190D": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:RemovePermission", "sqs:AddPermission", "sqs:SetQueueAttributes", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::", { "Ref": "AWS::AccountId", }, ":root", ], ], }, }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskqueueA95723A7", "Arn", ], }, "Sid": "QueueOwnerOnlyAccess", }, { "Action": "SQS:*", "Condition": { "Bool": { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": { "AWS": "*", }, "Resource": { "Fn::GetAtt": [ "OrchestrationConstructTranslateTaskqueueA95723A7", "Arn", ], }, "Sid": "HttpsOnly", }, ], "Version": "2012-10-17", }, "Queues": [ { "Ref": "OrchestrationConstructTranslateTaskqueueA95723A7", }, ], }, "Type": "AWS::SQS::QueuePolicy", }, "TestEventBus12626D66": { "Properties": { "Name": "TestEventBus", }, "Type": "AWS::Events::EventBus", }, "testFunction483F4CBE": { "DependsOn": [ "testFunctionServiceRoleDefaultPolicy159F3A68", "testFunctionServiceRoleFEC29B6F", ], "Properties": { "Code": { "S3Bucket": { "Ref": "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3Bucket76FDBA17", }, "S3Key": { "Fn::Join": [ "", [ { "Fn::Select": [ 0, { "Fn::Split": [ "||", { "Ref": "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3VersionKey11642BB1", }, ], }, ], }, { "Fn::Select": [ 1, { "Fn::Split": [ "||", { "Ref": "AssetParameters299c4aa6b12f17ca77778daaab6dec763cdd7fef76db8f80ccf14b14e3c28de1S3VersionKey11642BB1", }, ], }, ], }, ], ], }, }, "Environment": { "Variables": { "STATE_MACHINE_ARN": { "Ref": "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineC4881B23", }, }, }, "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "testFunctionServiceRoleFEC29B6F", "Arn", ], }, "Runtime": "python3.8", }, "Type": "AWS::Lambda::Function", }, "testFunctionServiceRoleDefaultPolicy159F3A68": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "states:StartExecution", "Effect": "Allow", "Resource": { "Ref": "OrchestrationConstructStateMachineWorkflowEngineWorkflowEngineWStateMachineC4881B23", }, }, ], "Version": "2012-10-17", }, "PolicyName": "testFunctionServiceRoleDefaultPolicy159F3A68", "Roles": [ { "Ref": "testFunctionServiceRoleFEC29B6F", }, ], }, "Type": "AWS::IAM::Policy", }, "testFunctionServiceRoleFEC29B6F": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], ], }, ], }, "Type": "AWS::IAM::Role", }, }, } `;