// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`M2C2 connection builder test 1`] = ` Object { "Resources": Object { "TestConnectionBuilderConnectionBuilderPolicy73ECF9B3": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "iotsitewise:CreateGateway and iotsitewise:ListGateways cannot have specific resources.", }, ], }, "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "iotsitewise:CreateGateway and iotsitewise:ListGateways cannot have specific resources.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "iot:Publish", "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/job/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/info/*", ], ], }, ], }, Object { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestConnectionBuilderGreengrassDeployer17DC0609", "Arn", ], }, }, Object { "Action": Array [ "dynamodb:Scan", "dynamodb:Query", ], "Effect": "Allow", "Resource": "arn:of:logs:dynamodb:table", }, Object { "Action": Array [ "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestConnectionBuilderGreengrassCoreDevicesTable45BE6CB9", "Arn", ], }, }, Object { "Action": Array [ "iotsitewise:DeleteGateway", "iotsitewise:DescribeGateway", "iotsitewise:DescribeGatewayCapabilityConfiguration", "iotsitewise:UpdateGatewayCapabilityConfiguration", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iotsitewise:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":gateway/*", ], ], }, }, Object { "Action": Array [ "iotsitewise:CreateGateway", "iotsitewise:ListGateways", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "greengrass:DeleteCoreDevice", "greengrass:ListCoreDevices", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":greengrass:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":coreDevices:*", ], ], }, }, Object { "Action": Array [ "iot:CreateThing", "iot:DescribeThing", "iot:DeleteThing", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*", ], ], }, }, Object { "Action": Array [ "s3:DeleteObject", "s3:GetObject", "s3:ListBucket", "s3:PutObject", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::greengrass-bucket", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::greengrass-bucket/*", ], ], }, ], }, Object { "Action": Array [ "iot:AttachThingPrincipal", "iot:DetachThingPrincipal", ], "Effect": "Allow", "Resource": "arn:of:certificate", }, Object { "Action": "iam:PassRole", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::", Object { "Ref": "AWS::AccountId", }, ":role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestConnectionBuilderConnectionBuilderPolicy73ECF9B3", "Roles": Array [ Object { "Ref": "TestConnectionBuilderLambdaFunctionServiceRoleE6F72093", }, ], }, "Type": "AWS::IAM::Policy", }, "TestConnectionBuilderDynamoTable194EE541": Object { "DeletionPolicy": "Delete", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It does not allow wildcard permissions.", }, ], }, }, "Properties": Object { "AttributeDefinitions": Array [ Object { "AttributeName": "connectionName", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": Array [ Object { "AttributeName": "connectionName", "KeyType": "HASH", }, ], "PointInTimeRecoverySpecification": Object { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": Object { "SSEEnabled": true, }, }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Retain", }, "TestConnectionBuilderGreengrassCoreDevicesTable45BE6CB9": Object { "DeletionPolicy": "Delete", "Properties": Object { "AttributeDefinitions": Array [ Object { "AttributeName": "name", "AttributeType": "S", }, ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": Array [ Object { "AttributeName": "name", "KeyType": "HASH", }, ], "PointInTimeRecoverySpecification": Object { "PointInTimeRecoveryEnabled": true, }, "SSESpecification": Object { "SSEEnabled": true, }, }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Retain", }, "TestConnectionBuilderGreengrassDeployer17DC0609": Object { "DependsOn": Array [ "TestConnectionBuilderGreengrassDeployerRoleF431DA74", ], "Properties": Object { "Code": Object { "S3Bucket": "test-bucket-region", "S3Key": "v0.0.1-test/machine-to-cloud-connectivity-framework/greengrass-deployer.zip", }, "Description": "Machine to Cloud Connectivity Greengrass deployer function", "Environment": Object { "Variables": Object { "ARTIFACT_BUCKET": "greengrass-bucket", "COLLECTOR_ID": "test-collector-id", "COMPONENT_VERSION": "0.0.1-test", "CONNECTION_DYNAMODB_TABLE": Object { "Ref": "TestConnectionBuilderDynamoTable194EE541", }, "GREENGRASS_CORE_DEVICES_DYNAMODB_TABLE": Object { "Ref": "TestConnectionBuilderGreengrassCoreDevicesTable45BE6CB9", }, "IOT_ENDPOINT": "https://iot.amazonaws.com", "KINESIS_STREAM": "test-kinesis-stream", "LOGGING_LEVEL": "ERROR", "SEND_ANONYMOUS_METRIC": "Yes", "SOLUTION_ID": "SO0070-Test", "SOLUTION_UUID": "test-uuid", "SOLUTION_VERSION": "v0.0.1-test", "TIMESTREAM_KINESIS_STREAM": "test-kinesis-stream-for-timestream", }, }, "Handler": "greengrass-deployer/index.handler", "ReservedConcurrentExecutions": 1, "Role": Object { "Fn::GetAtt": Array [ "TestConnectionBuilderGreengrassDeployerRoleF431DA74", "Arn", ], }, "Runtime": "nodejs16.x", "Timeout": 600, }, "Type": "AWS::Lambda::Function", }, "TestConnectionBuilderGreengrassDeployerEventInvokeConfigB5CDCF0F": Object { "Properties": Object { "FunctionName": Object { "Ref": "TestConnectionBuilderGreengrassDeployer17DC0609", }, "MaximumRetryAttempts": 0, "Qualifier": "$LATEST", }, "Type": "AWS::Lambda::EventInvokeConfig", }, "TestConnectionBuilderGreengrassDeployerRoleF431DA74": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "The * resource is needed to control Greengrass resources and other IoT actions.", }, ], }, "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W11", "reason": "The * resource is needed to control Greengrass resources and other IoT actions.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Path": "/", "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "*", "Effect": "Allow", "Resource": "logs:*", }, ], "Version": "2012-10-17", }, "PolicyName": "CloudWatchPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "greengrass:CreateComponentVersion", "greengrass:CreateDeployment", "greengrass:DeleteComponent", "greengrass:GetDeployment", "greengrass:ListComponents", "greengrass:ListDeployments", "iot:CancelJob", "iot:CreateJob", "iot:DeleteThingShadow", "iot:DescribeJob", "iot:DescribeThing", "iot:DescribeThingGroup", "iot:GetThingShadow", "iot:UpdateJob", "iot:UpdateThingShadow", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": "iot:Publish", "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/job/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/info/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/error/*", ], ], }, ], }, Object { "Action": "iot:DescribeThing", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*", ], ], }, }, Object { "Action": Array [ "iotsitewise:DescribeGatewayCapabilityConfiguration", "iotsitewise:UpdateGatewayCapabilityConfiguration", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iotsitewise:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":gateway/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "GreengrassIoTPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan", "dynamodb:UpdateItem", "dynamodb:Query", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestConnectionBuilderDynamoTable194EE541", "Arn", ], }, }, Object { "Action": Array [ "dynamodb:GetItem", "dynamodb:UpdateItem", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestConnectionBuilderGreengrassCoreDevicesTable45BE6CB9", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "DynamoDBPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:GetObject", "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::greengrass-bucket", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::greengrass-bucket/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "S3Policy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:PutSecretValue", "secretsmanager:UpdateSecret", "secretsmanager:RestoreSecret", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":secretsmanager:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":secret:m2c2-*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "SecretsManagerPolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestConnectionBuilderLambdaFunction4AEC75A1": Object { "DependsOn": Array [ "TestConnectionBuilderLambdaFunctionServiceRoleDefaultPolicy4806C2A3", "TestConnectionBuilderLambdaFunctionServiceRoleE6F72093", ], "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It does not allow wildcard permissions.", }, ], }, "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W58", "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", }, Object { "id": "W89", "reason": "This is not a rule for the general case, just for specific use cases/industries", }, Object { "id": "W92", "reason": "Impossible for us to define the correct concurrency for clients", }, ], }, }, "Properties": Object { "Code": Object { "S3Bucket": "test-bucket-region", "S3Key": "v0.0.1-test/machine-to-cloud-connectivity-framework/connection-builder.zip", }, "Description": "Machine to Cloud Connectivity connection builder function", "Environment": Object { "Variables": Object { "CONNECTION_DYNAMODB_TABLE": Object { "Ref": "TestConnectionBuilderDynamoTable194EE541", }, "GREENGRASS_CORE_DEVICES_DYNAMODB_TABLE": Object { "Ref": "TestConnectionBuilderGreengrassCoreDevicesTable45BE6CB9", }, "GREENGRASS_DEPLOYER_LAMBDA_FUNCTION": Object { "Ref": "TestConnectionBuilderGreengrassDeployer17DC0609", }, "GREENGRASS_RESOURCE_BUCKET": "greengrass-bucket", "IOT_CERTIFICATE_ARN": "arn:of:certificate", "IOT_ENDPOINT": "https://iot.amazonaws.com", "LOGGING_LEVEL": "ERROR", "LOGS_DYNAMODB_TABLE": "test-logs-table", "PAGE_SIZE": "20", "SEND_ANONYMOUS_METRIC": "Yes", "SOLUTION_ID": "SO0070-Test", "SOLUTION_UUID": "test-uuid", "SOLUTION_VERSION": "v0.0.1-test", }, }, "Handler": "connection-builder/index.handler", "Role": Object { "Fn::GetAtt": Array [ "TestConnectionBuilderLambdaFunctionServiceRoleE6F72093", "Arn", ], }, "Runtime": "nodejs16.x", "Timeout": 60, "TracingConfig": Object { "Mode": "Active", }, }, "Type": "AWS::Lambda::Function", }, "TestConnectionBuilderLambdaFunctionServiceRoleDefaultPolicy4806C2A3": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It does not allow wildcard permissions.", }, ], }, "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "TestConnectionBuilderDynamoTable194EE541", "Arn", ], }, Object { "Ref": "AWS::NoValue", }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "TestConnectionBuilderLambdaFunctionServiceRoleDefaultPolicy4806C2A3", "Roles": Array [ Object { "Ref": "TestConnectionBuilderLambdaFunctionServiceRoleE6F72093", }, ], }, "Type": "AWS::IAM::Policy", }, "TestConnectionBuilderLambdaFunctionServiceRoleE6F72093": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It does not allow wildcard permissions.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/lambda/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "LambdaFunctionServiceRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, }, } `;