// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`InstanceSchedulerStack snapshot test 1`] = ` { "AWSTemplateFormatVersion": "2010-09-09", "Conditions": { "IsMemberOfOrganization": { "Fn::Equals": [ { "Ref": "UsingAWSOrganizations", }, "Yes", ], }, "ScheduleEC2": { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "ScheduledServices", }, "EC2", ], }, { "Fn::Equals": [ { "Ref": "ScheduledServices", }, "Both", ], }, ], }, "ScheduleRDS": { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "ScheduledServices", }, "RDS", ], }, { "Fn::Equals": [ { "Ref": "ScheduledServices", }, "Both", ], }, ], }, }, "Description": "", "Mappings": { "AppRegistryForInstanceSchedulerSolution25A90F05": { "Data": { "AppRegistryApplicationName": "instance-scheduler-on-aws", "ApplicationType": "AWS-Solutions", "ID": "SO0030", "SolutionName": "instance-scheduler-on-aws", "Version": "v1.5.0", }, }, "Send": { "AnonymousUsage": { "Data": "Yes", }, "ParameterKey": { "UniqueId": "/Solutions/instance-scheduler-on-aws/UUID/", }, }, "mappings": { "EnabledDisabled": { "No": "DISABLED", "Yes": "ENABLED", }, "SchedulerEventBusName": { "Name": "scheduler-event-bus", }, "SchedulerRole": { "Name": "Scheduler-Role", }, "Services": { "Both": "ec2,rds", "EC2": "ec2", "RDS": "rds", }, "Settings": { "MetricsSolutionId": "S00030", "MetricsUrl": "https://metrics.awssolutionsbuilder.com/generic", }, "Timeouts": { "1": "cron(0/1 * * * ? *)", "10": "cron(0/10 * * * ? *)", "15": "cron(0/15 * * * ? *)", "2": "cron(0/2 * * * ? *)", "30": "cron(0/30 * * * ? *)", "5": "cron(0/5 * * * ? *)", "60": "cron(0 0/1 * * ? *)", }, "TrueFalse": { "No": "False", "Yes": "True", }, }, }, "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Scheduler (version v1.5.0)", }, "Parameters": [ "TagName", "ScheduledServices", "ScheduleRdsClusters", "CreateRdsSnapshot", "SchedulingActive", "DefaultTimezone", "ScheduleLambdaAccount", "SchedulerFrequency", "MemorySize", ], }, { "Label": { "default": "Namespace Configuration", }, "Parameters": [ "Namespace", ], }, { "Label": { "default": "Account Structure", }, "Parameters": [ "UsingAWSOrganizations", "Principals", "Regions", ], }, { "Label": { "default": "Options", }, "Parameters": [ "UseCloudWatchMetrics", "Trace", "EnableSSMMaintenanceWindows", ], }, { "Label": { "default": "Other parameters", }, "Parameters": [ "LogRetentionDays", "StartedTags", "StoppedTags", ], }, ], "ParameterLabels": { "CreateRdsSnapshot": { "default": "Create RDS instance snapshot", }, "DefaultTimezone": { "default": "Default time zone", }, "EnableSSMMaintenanceWindows": { "default": "Enable SSM Maintenance windows", }, "LogRetentionDays": { "default": "Log retention days", }, "MemorySize": { "default": "Memory size", }, "Namespace": { "default": "Namespace", }, "Principals": { "default": "Organization Id/Remote Account Ids", }, "Regions": { "default": "Region(s)", }, "ScheduleLambdaAccount": { "default": "This account", }, "ScheduleRdsClusters": { "default": "Schedule Aurora Clusters", }, "ScheduledServices": { "default": "Service(s) to schedule", }, "SchedulerFrequency": { "default": "Frequency", }, "SchedulingActive": { "default": "Scheduling enabled", }, "StartedTags": { "default": "Started tags", }, "StoppedTags": { "default": "Stopped tags", }, "TagName": { "default": "Instance Scheduler tag name", }, "Trace": { "default": "Enable CloudWatch Debug Logs", }, "UseCloudWatchMetrics": { "default": "Enable CloudWatch Metrics", }, "UsingAWSOrganizations": { "default": "Use AWS Organizations", }, }, }, }, "Outputs": { "AccountId": { "Description": "Account to give access to when creating cross-account access role for cross account scenario ", "Value": "111111111111", }, "ConfigurationTable": { "Description": "Name of the DynamoDB configuration table", "Value": { "Fn::GetAtt": [ "ConfigTable", "Arn", ], }, }, "IssueSnsTopicArn": { "Description": "Topic to subscribe to for notifications of errors and warnings", "Value": { "Ref": "InstanceSchedulerSnsTopic", }, }, "SchedulerRoleArn": { "Description": "Role for the instance scheduler lambda function", "Value": { "Fn::GetAtt": [ "SchedulerRole", "Arn", ], }, }, "ServiceInstanceScheduleServiceToken": { "Description": "Arn to use as ServiceToken property for custom resource type Custom::ServiceInstanceSchedule", "Value": { "Fn::GetAtt": [ "Main", "Arn", ], }, }, }, "Parameters": { "CreateRdsSnapshot": { "AllowedValues": [ "Yes", "No", ], "Default": "No", "Description": "Create snapshot before stopping RDS instances (does not apply to Aurora Clusters).", "Type": "String", }, "DefaultTimezone": { "AllowedValues": [ "Africa/Abidjan", "Africa/Accra", "Africa/Addis_Ababa", "Africa/Algiers", "Africa/Asmara", "Africa/Bamako", "Africa/Bangui", "Africa/Banjul", "Africa/Bissau", "Africa/Blantyre", "Africa/Brazzaville", "Africa/Bujumbura", "Africa/Cairo", "Africa/Casablanca", "Africa/Ceuta", "Africa/Conakry", "Africa/Dakar", "Africa/Dar_es_Salaam", "Africa/Djibouti", "Africa/Douala", "Africa/El_Aaiun", "Africa/Freetown", "Africa/Gaborone", "Africa/Harare", "Africa/Johannesburg", "Africa/Juba", "Africa/Kampala", "Africa/Khartoum", "Africa/Kigali", "Africa/Kinshasa", "Africa/Lagos", "Africa/Libreville", "Africa/Lome", "Africa/Luanda", "Africa/Lubumbashi", "Africa/Lusaka", "Africa/Malabo", "Africa/Maputo", "Africa/Maseru", "Africa/Mbabane", "Africa/Mogadishu", "Africa/Monrovia", "Africa/Nairobi", "Africa/Ndjamena", "Africa/Niamey", "Africa/Nouakchott", "Africa/Ouagadougou", "Africa/Porto-Novo", "Africa/Sao_Tome", "Africa/Tripoli", "Africa/Tunis", "Africa/Windhoek", "America/Adak", "America/Anchorage", "America/Anguilla", "America/Antigua", "America/Araguaina", "America/Argentina/Buenos_Aires", "America/Argentina/Catamarca", "America/Argentina/Cordoba", "America/Argentina/Jujuy", "America/Argentina/La_Rioja", "America/Argentina/Mendoza", "America/Argentina/Rio_Gallegos", "America/Argentina/Salta", "America/Argentina/San_Juan", "America/Argentina/San_Luis", "America/Argentina/Tucuman", "America/Argentina/Ushuaia", "America/Aruba", "America/Asuncion", "America/Atikokan", "America/Bahia", "America/Bahia_Banderas", "America/Barbados", "America/Belem", "America/Belize", "America/Blanc-Sablon", "America/Boa_Vista", "America/Bogota", "America/Boise", "America/Cambridge_Bay", "America/Campo_Grande", "America/Cancun", "America/Caracas", "America/Cayenne", "America/Cayman", "America/Chicago", "America/Chihuahua", "America/Costa_Rica", "America/Creston", "America/Cuiaba", "America/Curacao", "America/Danmarkshavn", "America/Dawson", "America/Dawson_Creek", "America/Denver", "America/Detroit", "America/Dominica", "America/Edmonton", "America/Eirunepe", "America/El_Salvador", "America/Fortaleza", "America/Glace_Bay", "America/Godthab", "America/Goose_Bay", "America/Grand_Turk", "America/Grenada", "America/Guadeloupe", "America/Guatemala", "America/Guayaquil", "America/Guyana", "America/Halifax", "America/Havana", "America/Hermosillo", "America/Indiana/Indianapolis", "America/Indiana/Knox", "America/Indiana/Marengo", "America/Indiana/Petersburg", "America/Indiana/Tell_City", "America/Indiana/Vevay", "America/Indiana/Vincennes", "America/Indiana/Winamac", "America/Inuvik", "America/Iqaluit", "America/Jamaica", "America/Juneau", "America/Kentucky/Louisville", "America/Kentucky/Monticello", "America/Kralendijk", "America/La_Paz", "America/Lima", "America/Los_Angeles", "America/Lower_Princes", "America/Maceio", "America/Managua", "America/Manaus", "America/Marigot", "America/Martinique", "America/Matamoros", "America/Mazatlan", "America/Menominee", "America/Merida", "America/Metlakatla", "America/Mexico_City", "America/Miquelon", "America/Moncton", "America/Monterrey", "America/Montevideo", "America/Montreal", "America/Montserrat", "America/Nassau", "America/New_York", "America/Nipigon", "America/Nome", "America/Noronha", "America/North_Dakota/Beulah", "America/North_Dakota/Center", "America/North_Dakota/New_Salem", "America/Ojinaga", "America/Panama", "America/Pangnirtung", "America/Paramaribo", "America/Phoenix", "America/Port-au-Prince", "America/Port_of_Spain", "America/Porto_Velho", "America/Puerto_Rico", "America/Rainy_River", "America/Rankin_Inlet", "America/Recife", "America/Regina", "America/Resolute", "America/Rio_Branco", "America/Santa_Isabel", "America/Santarem", "America/Santiago", "America/Santo_Domingo", "America/Sao_Paulo", "America/Scoresbysund", "America/Sitka", "America/St_Barthelemy", "America/St_Johns", "America/St_Kitts", "America/St_Lucia", "America/St_Thomas", "America/St_Vincent", "America/Swift_Current", "America/Tegucigalpa", "America/Thule", "America/Thunder_Bay", "America/Tijuana", "America/Toronto", "America/Tortola", "America/Vancouver", "America/Whitehorse", "America/Winnipeg", "America/Yakutat", "America/Yellowknife", "Antarctica/Casey", "Antarctica/Davis", "Antarctica/DumontDUrville", "Antarctica/Macquarie", "Antarctica/Mawson", "Antarctica/McMurdo", "Antarctica/Palmer", "Antarctica/Rothera", "Antarctica/Syowa", "Antarctica/Vostok", "Arctic/Longyearbyen", "Asia/Aden", "Asia/Almaty", "Asia/Amman", "Asia/Anadyr", "Asia/Aqtau", "Asia/Aqtobe", "Asia/Ashgabat", "Asia/Baghdad", "Asia/Bahrain", "Asia/Baku", "Asia/Bangkok", "Asia/Beirut", "Asia/Bishkek", "Asia/Brunei", "Asia/Choibalsan", "Asia/Chongqing", "Asia/Colombo", "Asia/Damascus", "Asia/Dhaka", "Asia/Dili", "Asia/Dubai", "Asia/Dushanbe", "Asia/Gaza", "Asia/Harbin", "Asia/Hebron", "Asia/Ho_Chi_Minh", "Asia/Hong_Kong", "Asia/Hovd", "Asia/Irkutsk", "Asia/Jakarta", "Asia/Jayapura", "Asia/Jerusalem", "Asia/Kabul", "Asia/Kamchatka", "Asia/Karachi", "Asia/Kashgar", "Asia/Kathmandu", "Asia/Khandyga", "Asia/Kolkata", "Asia/Krasnoyarsk", "Asia/Kuala_Lumpur", "Asia/Kuching", "Asia/Kuwait", "Asia/Macau", "Asia/Magadan", "Asia/Makassar", "Asia/Manila", "Asia/Muscat", "Asia/Nicosia", "Asia/Novokuznetsk", "Asia/Novosibirsk", "Asia/Omsk", "Asia/Oral", "Asia/Phnom_Penh", "Asia/Pontianak", "Asia/Pyongyang", "Asia/Qatar", "Asia/Qyzylorda", "Asia/Rangoon", "Asia/Riyadh", "Asia/Sakhalin", "Asia/Samarkand", "Asia/Seoul", "Asia/Shanghai", "Asia/Singapore", "Asia/Taipei", "Asia/Tashkent", "Asia/Tbilisi", "Asia/Tehran", "Asia/Thimphu", "Asia/Tokyo", "Asia/Ulaanbaatar", "Asia/Urumqi", "Asia/Ust-Nera", "Asia/Vientiane", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yekaterinburg", "Asia/Yerevan", "Atlantic/Azores", "Atlantic/Bermuda", "Atlantic/Canary", "Atlantic/Cape_Verde", "Atlantic/Faroe", "Atlantic/Madeira", "Atlantic/Reykjavik", "Atlantic/South_Georgia", "Atlantic/St_Helena", "Atlantic/Stanley", "Australia/Adelaide", "Australia/Brisbane", "Australia/Broken_Hill", "Australia/Currie", "Australia/Darwin", "Australia/Eucla", "Australia/Hobart", "Australia/Lindeman", "Australia/Lord_Howe", "Australia/Melbourne", "Australia/Perth", "Australia/Sydney", "Canada/Atlantic", "Canada/Central", "Canada/Eastern", "Canada/Mountain", "Canada/Newfoundland", "Canada/Pacific", "Europe/Amsterdam", "Europe/Andorra", "Europe/Athens", "Europe/Belgrade", "Europe/Berlin", "Europe/Bratislava", "Europe/Brussels", "Europe/Bucharest", "Europe/Budapest", "Europe/Busingen", "Europe/Chisinau", "Europe/Copenhagen", "Europe/Dublin", "Europe/Gibraltar", "Europe/Guernsey", "Europe/Helsinki", "Europe/Isle_of_Man", "Europe/Istanbul", "Europe/Jersey", "Europe/Kaliningrad", "Europe/Kiev", "Europe/Lisbon", "Europe/Ljubljana", "Europe/London", "Europe/Luxembourg", "Europe/Madrid", "Europe/Malta", "Europe/Mariehamn", "Europe/Minsk", "Europe/Monaco", "Europe/Moscow", "Europe/Oslo", "Europe/Paris", "Europe/Podgorica", "Europe/Prague", "Europe/Riga", "Europe/Rome", "Europe/Samara", "Europe/San_Marino", "Europe/Sarajevo", "Europe/Simferopol", "Europe/Skopje", "Europe/Sofia", "Europe/Stockholm", "Europe/Tallinn", "Europe/Tirane", "Europe/Uzhgorod", "Europe/Vaduz", "Europe/Vatican", "Europe/Vienna", "Europe/Vilnius", "Europe/Volgograd", "Europe/Warsaw", "Europe/Zagreb", "Europe/Zaporozhye", "Europe/Zurich", "GMT", "Indian/Antananarivo", "Indian/Chagos", "Indian/Christmas", "Indian/Cocos", "Indian/Comoro", "Indian/Kerguelen", "Indian/Mahe", "Indian/Maldives", "Indian/Mauritius", "Indian/Mayotte", "Indian/Reunion", "Pacific/Apia", "Pacific/Auckland", "Pacific/Chatham", "Pacific/Chuuk", "Pacific/Easter", "Pacific/Efate", "Pacific/Enderbury", "Pacific/Fakaofo", "Pacific/Fiji", "Pacific/Funafuti", "Pacific/Galapagos", "Pacific/Gambier", "Pacific/Guadalcanal", "Pacific/Guam", "Pacific/Honolulu", "Pacific/Johnston", "Pacific/Kiritimati", "Pacific/Kosrae", "Pacific/Kwajalein", "Pacific/Majuro", "Pacific/Marquesas", "Pacific/Midway", "Pacific/Nauru", "Pacific/Niue", "Pacific/Norfolk", "Pacific/Noumea", "Pacific/Pago_Pago", "Pacific/Palau", "Pacific/Pitcairn", "Pacific/Pohnpei", "Pacific/Port_Moresby", "Pacific/Rarotonga", "Pacific/Saipan", "Pacific/Tahiti", "Pacific/Tarawa", "Pacific/Tongatapu", "Pacific/Wake", "Pacific/Wallis", "US/Alaska", "US/Arizona", "US/Central", "US/Eastern", "US/Hawaii", "US/Mountain", "US/Pacific", "UTC", ], "Default": "UTC", "Description": "Choose the default Time Zone. Default is 'UTC'.", "Type": "String", }, "EnableSSMMaintenanceWindows": { "AllowedValues": [ "Yes", "No", ], "Default": "No", "Description": "Enable the solution to load SSM Maintenance Windows, so that they can be used for EC2 instance Scheduling.", "Type": "String", }, "LogRetentionDays": { "AllowedValues": [ "1", "3", "5", "7", "14", "30", "60", "90", "120", "150", "180", "365", "400", "545", "731", "1827", "3653", ], "Default": 30, "Description": "Retention days for scheduler logs.", "Type": "Number", }, "MemorySize": { "AllowedValues": [ "128", "384", "512", "640", "768", "896", "1024", "1152", "1280", "1408", "1536", ], "Default": 128, "Description": "Size of the Lambda function running the scheduler, increase size when processing large numbers of instances.", "Type": "Number", }, "Namespace": { "Default": "", "Description": "Provide unique identifier to differentiate between multiple solution deployments (No Spaces). Example: Dev", "Type": "String", }, "Principals": { "Default": "", "Description": "(Required) If using AWS Organizations, provide the Organization ID. Eg. o-xxxxyyy. Else, provide a comma separated list of spoke account ids to schedule. Eg.: 1111111111, 2222222222 or {param: ssm-param-name}", "Type": "CommaDelimitedList", }, "Regions": { "Default": "", "Description": "List of regions in which instances should be scheduled, leave blank for current region only.", "Type": "CommaDelimitedList", }, "ScheduleLambdaAccount": { "AllowedValues": [ "Yes", "No", ], "Default": "Yes", "Description": "Schedule instances in this account.", "Type": "String", }, "ScheduleRdsClusters": { "AllowedValues": [ "Yes", "No", ], "Default": "No", "Description": "Enable scheduling of Aurora clusters for RDS Service.", "Type": "String", }, "ScheduledServices": { "AllowedValues": [ "EC2", "RDS", "Both", ], "Default": "EC2", "Description": "Scheduled Services.", "Type": "String", }, "SchedulerFrequency": { "AllowedValues": [ "1", "2", "5", "10", "15", "30", "60", ], "Default": "5", "Description": "Scheduler running frequency in minutes.", "Type": "String", }, "SchedulingActive": { "AllowedValues": [ "Yes", "No", ], "Default": "Yes", "Description": "Activate or deactivate scheduling.", "Type": "String", }, "StartedTags": { "Default": "InstanceScheduler-LastAction=Started By {scheduler} {year}/{month}/{day} {hour}:{minute}{timezone}, ", "Description": "Comma separated list of tag keys and values of the format key=value, key=value,... that are set on started instances. Leave blank to disable.", "Type": "String", }, "StoppedTags": { "Default": "InstanceScheduler-LastAction=Stopped By {scheduler} {year}/{month}/{day} {hour}:{minute}{timezone}, ", "Description": "Comma separated list of tag keys and values of the format key=value, key=value,... that are set on stopped instances. Leave blank to disable.", "Type": "String", }, "TagName": { "Default": "Schedule", "Description": "Name of tag to use for associating instance schedule schemas with service instances.", "MaxLength": 127, "MinLength": 1, "Type": "String", }, "Trace": { "AllowedValues": [ "Yes", "No", ], "Default": "No", "Description": "Enable debug-level logging in CloudWatch logs.", "Type": "String", }, "UseCloudWatchMetrics": { "AllowedValues": [ "Yes", "No", ], "Default": "No", "Description": "Collect instance scheduling data using CloudWatch metrics.", "Type": "String", }, "UsingAWSOrganizations": { "AllowedValues": [ "Yes", "No", ], "Default": "No", "Description": "Use AWS Organizations to automate spoke account registration.", "Type": "String", }, }, "Resources": { "AppRegistry968496A3": { "Properties": { "Description": { "Fn::Join": [ "", [ "Service Catalog application to track and manage all your resources for the solution ", { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "SolutionName", ], }, ], ], }, "Name": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "AppRegistryApplicationName", ], }, { "Ref": "AWS::Region", }, { "Ref": "AWS::AccountId", }, { "Ref": "AWS::StackName", }, ], ], }, "Tags": { "Solutions:ApplicationType": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "ApplicationType", ], }, "Solutions:SolutionID": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "ID", ], }, "Solutions:SolutionName": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "SolutionName", ], }, "Solutions:SolutionVersion": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "Version", ], }, }, }, "Type": "AWS::ServiceCatalogAppRegistry::Application", }, "AppRegistryAssociation": { "Properties": { "Application": { "Fn::GetAtt": [ "AppRegistry968496A3", "Id", ], }, "Resource": { "Ref": "AWS::StackId", }, "ResourceType": "CFN_STACK", }, "Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation", }, "AppRegistryAttributeGroupAssociationf823ba38a843A987197E": { "Properties": { "Application": { "Fn::GetAtt": [ "AppRegistry968496A3", "Id", ], }, "AttributeGroup": { "Fn::GetAtt": [ "AppRegistryDefaultApplicationAttributes15279635", "Id", ], }, }, "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation", }, "AppRegistryDefaultApplicationAttributes15279635": { "Properties": { "Attributes": { "applicationType": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "ApplicationType", ], }, "solutionID": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "ID", ], }, "solutionName": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "SolutionName", ], }, "version": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "Version", ], }, }, "Description": "Attribute group for solution information", "Name": { "Fn::Join": [ "", [ "attgroup-", { "Fn::Join": [ "-", [ { "Ref": "AWS::Region", }, { "Ref": "AWS::StackName", }, ], ], }, ], ], }, "Tags": { "Solutions:ApplicationType": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "ApplicationType", ], }, "Solutions:SolutionID": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "ID", ], }, "Solutions:SolutionName": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "SolutionName", ], }, "Solutions:SolutionVersion": { "Fn::FindInMap": [ "AppRegistryForInstanceSchedulerSolution25A90F05", "Data", "Version", ], }, }, }, "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroup", }, "ConfigTable": { "DeletionPolicy": "Delete", "Properties": { "AttributeDefinitions": [ { "AttributeName": "type", "AttributeType": "S", }, { "AttributeName": "name", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "type", "KeyType": "HASH", }, { "AttributeName": "name", "KeyType": "RANGE", }, ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": { "KMSMasterKeyId": { "Ref": "InstanceSchedulerEncryptionKey", }, "SSEEnabled": true, "SSEType": "KMS", }, }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Delete", }, "ConfigurationMetricsEventRule8BE742A8": { "Properties": { "Description": "Instance Scheduler - Rule to trigger gathering of weekly anonymized operational metrics for Instance Scheduler", "ScheduleExpression": "rate(7 days)", "State": { "Fn::FindInMap": [ "mappings", "EnabledDisabled", { "Fn::FindInMap": [ "Send", "AnonymousUsage", "Data", ], }, ], }, "Targets": [ { "Arn": { "Fn::GetAtt": [ "Main", "Arn", ], }, "Id": "Target0", "Input": "{"scheduled_action":"collect_configuration_metrics"}", }, ], }, "Type": "AWS::Events::Rule", }, "ConfigurationMetricsEventRuleAllowEventRulestackschedulerlambdaC9E2D53DBDC7CFFA": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "Main", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "ConfigurationMetricsEventRule8BE742A8", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "EC2DynamoDBPolicy": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "All policies have been scoped to be as restrictive as possible. This solution needs to access ec2/rds resources across all regions.", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "All policies have been scoped to be as restrictive as possible. This solution needs to access ec2/rds resources across all regions.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "ssm:GetParameter", "ssm:GetParameters", ], "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:ssm:*:\${AWS::AccountId}:parameter/*", }, }, { "Action": [ "rds:DescribeDBClusters", "rds:DescribeDBInstances", "ec2:DescribeInstances", "cloudwatch:PutMetricData", "ssm:DescribeMaintenanceWindows", "tag:GetResources", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:PutRetentionPolicy", ], "Effect": "Allow", "Resource": [ { "Fn::Sub": "arn:\${AWS::Partition}:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:/aws/lambda/*", }, { "Fn::GetAtt": [ "SchedulerLogGroup", "Arn", ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "EC2DynamoDBPolicy", "Roles": [ { "Ref": "SchedulerRole", }, ], }, "Type": "AWS::IAM::Policy", }, "Ec2PermissionsB6E87802": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "This Lambda function needs to be able to modify ec2 instances for scheduling purposes.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": "ec2:ModifyInstanceAttribute", "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:ec2:*:\${AWS::AccountId}:instance/*", }, }, { "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { "Fn::Sub": [ "arn:\${AWS::Partition}:iam::*:role/\${Namespace}-\${Name}", { "Name": { "Fn::FindInMap": [ "mappings", "SchedulerRole", "Name", ], }, }, ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "Ec2PermissionsB6E87802", "Roles": [ { "Ref": "SchedulerRole", }, ], }, "Type": "AWS::IAM::Policy", }, "EventBusRuleLambdaPermission": { "Condition": "IsMemberOfOrganization", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "Main", }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "schedulerssmparametercrossaccountevents", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "InstanceSchedulerEncryptionKey": { "DeletionPolicy": "Delete", "Properties": { "Description": "Key for SNS", "EnableKeyRotation": true, "Enabled": true, "KeyPolicy": { "Statement": [ { "Action": "kms:*", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition", }, ":iam::111111111111:root", ], ], }, }, "Resource": "*", "Sid": "default", }, { "Action": [ "kms:GenerateDataKey*", "kms:Decrypt", ], "Effect": "Allow", "Principal": { "AWS": { "Fn::GetAtt": [ "SchedulerRole", "Arn", ], }, }, "Resource": "*", "Sid": "Allows use of key", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Delete", }, "InstanceSchedulerEncryptionKeyAlias": { "Properties": { "AliasName": { "Fn::Join": [ "", [ "alias/", { "Ref": "AWS::StackName", }, "-instance-scheduler-encryption-key", ], ], }, "TargetKeyId": { "Fn::GetAtt": [ "InstanceSchedulerEncryptionKey", "Arn", ], }, }, "Type": "AWS::KMS::Alias", }, "InstanceSchedulerSnsTopic": { "Properties": { "KmsMasterKeyId": { "Fn::GetAtt": [ "InstanceSchedulerEncryptionKey", "Arn", ], }, }, "Type": "AWS::SNS::Topic", }, "Main": { "DependsOn": [ "EC2DynamoDBPolicy", "Ec2PermissionsB6E87802", "SchedulerPolicy", "SchedulerRDSPolicy2E7C328A", "SchedulerRoleDefaultPolicy66F774B8", "SchedulerRole", ], "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-L1", "reason": "Lambda runtime held back to the newest supported by all partitions", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W89", "reason": "This Lambda function does not need to access any resource provisioned within a VPC.", }, { "id": "W58", "reason": "This Lambda function has permission provided to write to CloudWatch logs using the iam roles.", }, { "id": "W92", "reason": "Lambda function is only used by the event rule periodically, concurrent calls are very limited.", }, ], }, }, "Properties": { "Code": "Omitted to remove snapshot dependency on code hash", "Description": "EC2 and RDS instance scheduler, version v1.5.0", "Environment": { "Variables": { "ACCOUNT": "111111111111", "APP_NAMESPACE": { "Ref": "Namespace", }, "CONFIG_TABLE": { "Ref": "ConfigTable", }, "DDB_TABLE_NAME": { "Ref": "StateTable", }, "DEFAULT_TIMEZONE": { "Ref": "DefaultTimezone", }, "ENABLE_AWS_ORGANIZATIONS": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "UsingAWSOrganizations", }, ], }, "ENABLE_CLOUDWATCH_METRICS": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "UseCloudWatchMetrics", }, ], }, "ENABLE_EC2_SERVICE": { "Fn::If": [ "ScheduleEC2", "True", "False", ], }, "ENABLE_EC2_SSM_MAINTENANCE_WINDOWS": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "EnableSSMMaintenanceWindows", }, ], }, "ENABLE_RDS_CLUSTERS": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "ScheduleRdsClusters", }, ], }, "ENABLE_RDS_SERVICE": { "Fn::If": [ "ScheduleRDS", "True", "False", ], }, "ENABLE_RDS_SNAPSHOTS": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "CreateRdsSnapshot", }, ], }, "ENABLE_SCHEDULE_HUB_ACCOUNT": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "ScheduleLambdaAccount", }, ], }, "ISSUES_TOPIC_ARN": { "Ref": "InstanceSchedulerSnsTopic", }, "LOG_GROUP": { "Ref": "SchedulerLogGroup", }, "MAINTENANCE_WINDOW_TABLE": { "Ref": "MaintenanceWindowTable", }, "METRICS_URL": { "Fn::FindInMap": [ "mappings", "Settings", "MetricsUrl", ], }, "SCHEDULER_FREQUENCY": { "Ref": "SchedulerFrequency", }, "SCHEDULER_ROLE_NAME": { "Fn::FindInMap": [ "mappings", "SchedulerRole", "Name", ], }, "SCHEDULE_REGIONS": { "Fn::Join": [ ",", { "Ref": "Regions", }, ], }, "SCHEDULE_TAG_KEY": { "Ref": "TagName", }, "SEND_METRICS": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Fn::FindInMap": [ "Send", "AnonymousUsage", "Data", ], }, ], }, "SOLUTION_ID": { "Fn::FindInMap": [ "mappings", "Settings", "MetricsSolutionId", ], }, "SOLUTION_VERSION": "v1.5.0", "STACK_ID": { "Ref": "AWS::StackId", }, "STACK_NAME": { "Ref": "AWS::StackName", }, "START_EC2_BATCH_SIZE": "5", "START_TAGS": { "Ref": "StartedTags", }, "STATE_TABLE": { "Ref": "StateTable", }, "STOP_TAGS": { "Ref": "StoppedTags", }, "TRACE": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "Trace", }, ], }, "USER_AGENT_EXTRA": "AwsSolution/SO0030/v1.5.0", "UUID_KEY": { "Fn::FindInMap": [ "Send", "ParameterKey", "UniqueId", ], }, }, }, "FunctionName": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName", }, "-InstanceSchedulerMain", ], ], }, "Handler": "instance_scheduler.main.lambda_handler", "MemorySize": { "Ref": "MemorySize", }, "Role": { "Fn::GetAtt": [ "SchedulerRole", "Arn", ], }, "Runtime": "python3.10", "Timeout": 300, "TracingConfig": { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "MaintenanceWindowTable": { "DeletionPolicy": "Delete", "Properties": { "AttributeDefinitions": [ { "AttributeName": "Name", "AttributeType": "S", }, { "AttributeName": "account-region", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "Name", "KeyType": "HASH", }, { "AttributeName": "account-region", "KeyType": "RANGE", }, ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": { "KMSMasterKeyId": { "Ref": "InstanceSchedulerEncryptionKey", }, "SSEEnabled": true, "SSEType": "KMS", }, }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Delete", }, "SchedulerConfigHelper": { "DeletionPolicy": "Delete", "DependsOn": [ "SchedulerLogGroup", ], "Properties": { "ServiceToken": { "Fn::GetAtt": [ "Main", "Arn", ], }, "aws_partition": { "Fn::Sub": "\${AWS::Partition}", }, "create_rds_snapshot": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "CreateRdsSnapshot", }, ], }, "default_timezone": { "Ref": "DefaultTimezone", }, "enable_ssm_maintenance_windows": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "EnableSSMMaintenanceWindows", }, ], }, "log_retention_days": { "Ref": "LogRetentionDays", }, "namespace": { "Ref": "Namespace", }, "regions": { "Ref": "Regions", }, "remote_account_ids": { "Ref": "Principals", }, "schedule_clusters": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "ScheduleRdsClusters", }, ], }, "schedule_lambda_account": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "ScheduleLambdaAccount", }, ], }, "scheduled_services": { "Fn::Split": [ ",", { "Fn::FindInMap": [ "mappings", "Services", { "Ref": "ScheduledServices", }, ], }, ], }, "scheduler_role_name": { "Fn::FindInMap": [ "mappings", "SchedulerRole", "Name", ], }, "stack_version": "v1.5.0", "started_tags": { "Ref": "StartedTags", }, "stopped_tags": { "Ref": "StoppedTags", }, "tagname": { "Ref": "TagName", }, "timeout": 120, "trace": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "Trace", }, ], }, "use_aws_organizations": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "UsingAWSOrganizations", }, ], }, "use_metrics": { "Fn::FindInMap": [ "mappings", "TrueFalse", { "Ref": "UseCloudWatchMetrics", }, ], }, }, "Type": "Custom::ServiceSetup", "UpdateReplacePolicy": "Delete", }, "SchedulerEventRuleAllowEventRulestackschedulerlambdaC9E2D53DB26536BE": { "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "Main", "Arn", ], }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "SchedulerRule", "Arn", ], }, }, "Type": "AWS::Lambda::Permission", }, "SchedulerLogGroup": { "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W84", "reason": "CloudWatch log groups only have transactional data from the Lambda function, this template has to be supported in gov cloud which doesn't yet have the feature to provide kms key id to cloudwatch log group.", }, ], }, }, "Properties": { "LogGroupName": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName", }, "-logs", ], ], }, "RetentionInDays": { "Ref": "LogRetentionDays", }, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Delete", }, "SchedulerPolicy": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "All policies have been scoped to be as restrictive as possible. This solution needs to access ec2/rds resources across all regions.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "rds:AddTagsToResource", "rds:RemoveTagsFromResource", "rds:DescribeDBSnapshots", "rds:StartDBInstance", "rds:StopDBInstance", ], "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:rds:*:\${AWS::AccountId}:db:*", }, }, { "Action": [ "ec2:StartInstances", "ec2:StopInstances", "ec2:CreateTags", "ec2:DeleteTags", ], "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:ec2:*:\${AWS::AccountId}:instance/*", }, }, { "Action": "sns:Publish", "Effect": "Allow", "Resource": { "Ref": "InstanceSchedulerSnsTopic", }, }, { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:lambda:\${AWS::Region}:\${AWS::AccountId}:function:\${AWS::StackName}-InstanceSchedulerMain", }, }, { "Action": [ "kms:GenerateDataKey*", "kms:Decrypt", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "InstanceSchedulerEncryptionKey", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "SchedulerPolicy", "Roles": [ { "Ref": "SchedulerRole", }, ], }, "Type": "AWS::IAM::Policy", }, "SchedulerRDSPolicy2E7C328A": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "All policies have been scoped to be as restrictive as possible. This solution needs to access ec2/rds resources across all regions.", }, ], }, }, "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "rds:DeleteDBSnapshot", "rds:DescribeDBSnapshots", "rds:StopDBInstance", ], "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:rds:*:\${AWS::AccountId}:snapshot:*", }, }, { "Action": [ "rds:AddTagsToResource", "rds:RemoveTagsFromResource", "rds:StartDBCluster", "rds:StopDBCluster", ], "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:rds:*:\${AWS::AccountId}:cluster:*", }, }, ], "Version": "2012-10-17", }, "PolicyName": "SchedulerRDSPolicy2E7C328A", "Roles": [ { "Ref": "SchedulerRole", }, ], }, "Type": "AWS::IAM::Policy", }, "SchedulerRole": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com", }, }, { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Path": "/", }, "Type": "AWS::IAM::Role", }, "SchedulerRoleDefaultPolicy66F774B8": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "StateTable", "Arn", ], }, { "Ref": "AWS::NoValue", }, ], }, { "Action": [ "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:BatchWriteItem", "dynamodb:UpdateItem", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "ConfigTable", "Arn", ], }, { "Fn::GetAtt": [ "MaintenanceWindowTable", "Arn", ], }, ], }, { "Action": [ "ssm:PutParameter", "ssm:GetParameter", ], "Effect": "Allow", "Resource": { "Fn::Sub": "arn:\${AWS::Partition}:ssm:\${AWS::Region}:\${AWS::AccountId}:parameter/Solutions/instance-scheduler-on-aws/UUID/*", }, }, ], "Version": "2012-10-17", }, "PolicyName": "SchedulerRoleDefaultPolicy66F774B8", "Roles": [ { "Ref": "SchedulerRole", }, ], }, "Type": "AWS::IAM::Policy", }, "SchedulerRule": { "Properties": { "Description": "Instance Scheduler - Rule to trigger instance for scheduler function version v1.5.0", "ScheduleExpression": { "Fn::FindInMap": [ "mappings", "Timeouts", { "Ref": "SchedulerFrequency", }, ], }, "State": { "Fn::FindInMap": [ "mappings", "EnabledDisabled", { "Ref": "SchedulingActive", }, ], }, "Targets": [ { "Arn": { "Fn::GetAtt": [ "Main", "Arn", ], }, "Id": "Target0", "Input": "{"scheduled_action":"run_orchestrator"}", }, ], }, "Type": "AWS::Events::Rule", }, "StateTable": { "DeletionPolicy": "Delete", "Properties": { "AttributeDefinitions": [ { "AttributeName": "service", "AttributeType": "S", }, { "AttributeName": "account-region", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "service", "KeyType": "HASH", }, { "AttributeName": "account-region", "KeyType": "RANGE", }, ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": { "KMSMasterKeyId": { "Ref": "InstanceSchedulerEncryptionKey", }, "SSEEnabled": true, "SSEType": "KMS", }, }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Delete", }, "schedulereventbus": { "Condition": "IsMemberOfOrganization", "Properties": { "Name": { "Fn::Join": [ "", [ { "Ref": "Namespace", }, "-", { "Fn::FindInMap": [ "mappings", "SchedulerEventBusName", "Name", ], }, ], ], }, }, "Type": "AWS::Events::EventBus", }, "schedulereventbuspolicy": { "Condition": "IsMemberOfOrganization", "Properties": { "Action": "events:PutEvents", "Condition": { "Key": "aws:PrincipalOrgID", "Type": "StringEquals", "Value": { "Fn::Select": [ 0, { "Ref": "Principals", }, ], }, }, "EventBusName": { "Fn::GetAtt": [ "schedulereventbus", "Name", ], }, "Principal": "*", "StatementId": { "Fn::GetAtt": [ "schedulereventbus", "Name", ], }, }, "Type": "AWS::Events::EventBusPolicy", }, "schedulerssmparametercrossaccountevents": { "Condition": "IsMemberOfOrganization", "Properties": { "Description": "Event rule to invoke Instance Scheduler lambda function to store spoke account id(s) in configuration.", "EventBusName": { "Fn::GetAtt": [ "schedulereventbus", "Name", ], }, "EventPattern": { "detail": { "name": [ "/instance-scheduler/do-not-delete-manually", ], "operation": [ "Create", "Delete", ], "type": [ "String", ], }, "detail-type": [ "Parameter Store Change", ], "source": [ "aws.ssm", ], }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "Main", "Arn", ], }, "Id": "Scheduler-Lambda-Function", }, ], }, "Type": "AWS::Events::Rule", }, }, } `;