// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`M2C2 custom resources test 1`] = `
Object {
"Resources": Object {
"TestCustomResourcesCustomResourceFunctionCFD154D8": Object {
"DependsOn": Array [
"TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09",
"TestCustomResourcesCustomResourceFunctionRole173D7934",
],
"Properties": Object {
"Code": Object {
"S3Bucket": "test-bucket-region",
"S3Key": "v0.0.1-test/machine-to-cloud-connectivity-framework/custom-resource.zip",
},
"Description": "Machine to Cloud Connectivity custom resource function",
"Environment": Object {
"Variables": Object {
"LOGGING_LEVEL": "ERROR",
"SOLUTION_ID": "SO0070-Test",
"SOLUTION_VERSION": "v0.0.1-test",
},
},
"Handler": "custom-resource/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionRole173D7934",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 240,
},
"Type": "AWS::Lambda::Function",
},
"TestCustomResourcesCustomResourceFunctionRole173D7934": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W11",
"reason": "IoT actions cannot specify the resource.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "*",
"Effect": "Allow",
"Resource": "logs:*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"iot:CreateKeysAndCertificate",
"iot:DescribeEndpoint",
"iot:UpdateCertificate",
"iot:UpdateThingShadow",
"iot:DeleteCertificate",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"iot:CreateRoleAlias",
"iot:DeleteRoleAlias",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":rolealias/*",
],
],
},
},
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "GreengrassIoTPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:List*",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:Delete*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:s3:::",
Object {
"Ref": "AWS::StackName",
},
"*",
],
],
},
},
Object {
"Action": Array [
"timestream:DescribeEndpoints",
"timestream:ListTables",
"timestream:DescribeTable",
"timestream:DeleteTable",
"timestream:DeleteDatabase",
"timestream:DescribeDatabase",
],
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "TeardownPolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-bucket-region",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-bucket-region/v0.0.1-test/machine-to-cloud-connectivity-framework/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09",
"Roles": Array [
Object {
"Ref": "TestCustomResourcesCustomResourceFunctionRole173D7934",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TestCustomResourcesDescribeIoTEndpoint8E27194B": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "DescribeIoTEndpoint",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesSendAnonymousMetricsF6400FC2": Object {
"Condition": "TestCondition",
"DeletionPolicy": "Delete",
"Properties": Object {
"ExistingKinesisStream": "",
"ExistingTimestreamDatabase": "",
"Resource": "SendAnonymousMetrics",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
"SolutionUUID": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesUUID15254492",
"UUID",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesUUID15254492": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "CreateUUID",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
},
}
`;
exports[`M2C2 setup Greengrass v2 custom resource test 1`] = `
Object {
"Resources": Object {
"TestCustomResourcesCopyGreengrassComponentsArtifact635CD361": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Artifacts": Object {
"ModbusTcpConnectorArtifact": "m2c2_modbus_tcp_connector.zip",
"OpcDaConnectorArtifact": "m2c2_opcda_connector.zip",
"OsiPiConnectorArtifact": "m2c2_osipi_connector.zip",
"PublisherArtifact": "m2c2_publisher.zip",
},
"DestinationBucket": "test-greengrass-v2-resource-bucket",
"Resource": "CopyGreengrassComponentsArtifact",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
"SourceBucket": "test-bucket-region",
"SourcePrefix": "v0.0.1-test/machine-to-cloud-connectivity-framework",
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesCreateGreengrassInstallationScriptsB272BC9A": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"CredentialProviderEndpoint": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesDescribeIoTEndpoint8E27194B",
"CredentialProviderEndpoint",
],
},
"DataAtsEndpoint": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesDescribeIoTEndpoint8E27194B",
"DataAtsEndpoint",
],
},
"DestinationBucket": "test-greengrass-v2-resource-bucket",
"IoTRoleAlias": "mock-iot-role-alias-name",
"Resource": "CreateGreengrassInstallationScripts",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesCustomResourceFunctionCFD154D8": Object {
"DependsOn": Array [
"TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09",
"TestCustomResourcesCustomResourceFunctionRole173D7934",
],
"Properties": Object {
"Code": Object {
"S3Bucket": "test-bucket-region",
"S3Key": "v0.0.1-test/machine-to-cloud-connectivity-framework/custom-resource.zip",
},
"Description": "Machine to Cloud Connectivity custom resource function",
"Environment": Object {
"Variables": Object {
"LOGGING_LEVEL": "ERROR",
"SOLUTION_ID": "SO0070-Test",
"SOLUTION_VERSION": "v0.0.1-test",
},
},
"Handler": "custom-resource/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionRole173D7934",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 240,
},
"Type": "AWS::Lambda::Function",
},
"TestCustomResourcesCustomResourceFunctionRole173D7934": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W11",
"reason": "IoT actions cannot specify the resource.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "*",
"Effect": "Allow",
"Resource": "logs:*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"iot:CreateKeysAndCertificate",
"iot:DescribeEndpoint",
"iot:UpdateCertificate",
"iot:UpdateThingShadow",
"iot:DeleteCertificate",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"iot:CreateRoleAlias",
"iot:DeleteRoleAlias",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":rolealias/*",
],
],
},
},
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "GreengrassIoTPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:List*",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:Delete*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:s3:::",
Object {
"Ref": "AWS::StackName",
},
"*",
],
],
},
},
Object {
"Action": Array [
"timestream:DescribeEndpoints",
"timestream:ListTables",
"timestream:DescribeTable",
"timestream:DeleteTable",
"timestream:DeleteDatabase",
"timestream:DescribeDatabase",
],
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "TeardownPolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-bucket-region",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-bucket-region/v0.0.1-test/machine-to-cloud-connectivity-framework/*",
],
],
},
],
},
Object {
"Action": Array [
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:Abort*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-greengrass-v2-resource-bucket/*",
],
],
},
},
Object {
"Action": Array [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-greengrass-v2-resource-bucket",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-greengrass-v2-resource-bucket/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09",
"Roles": Array [
Object {
"Ref": "TestCustomResourcesCustomResourceFunctionRole173D7934",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TestCustomResourcesDeleteIoTCertificate1F6EC2F7": Object {
"DeletionPolicy": "Delete",
"DependsOn": Array [
"TestCustomResourcesGreengrassV2DeletePolicy326F4C0D",
],
"Properties": Object {
"CertificateArn": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCreateGreengrassInstallationScriptsB272BC9A",
"CertificateArn",
],
},
"CertificateId": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCreateGreengrassInstallationScriptsB272BC9A",
"CertificateId",
],
},
"Resource": "DeleteIoTCertificate",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesDescribeIoTEndpoint8E27194B": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "DescribeIoTEndpoint",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesGreengrassPolicyPrincipalAttachmentC3678051": Object {
"Properties": Object {
"PolicyName": "mock-greengrass-iot-policy-name",
"Principal": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCreateGreengrassInstallationScriptsB272BC9A",
"CertificateArn",
],
},
},
"Type": "AWS::IoT::PolicyPrincipalAttachment",
},
"TestCustomResourcesGreengrassV2CustomResourcePolicy9760B37E": Object {
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "arn:of:iot:credentials:role",
},
],
"Version": "2012-10-17",
},
"PolicyName": "TestCustomResourcesGreengrassV2CustomResourcePolicy9760B37E",
"Roles": Array [
Object {
"Ref": "TestCustomResourcesCustomResourceFunctionRole173D7934",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TestCustomResourcesGreengrassV2DeletePolicy326F4C0D": Object {
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"iot:DetachThingPrincipal",
"iot:ListPrincipalThings",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCreateGreengrassInstallationScriptsB272BC9A",
"CertificateArn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "TestCustomResourcesGreengrassV2DeletePolicy326F4C0D",
"Roles": Array [
Object {
"Ref": "TestCustomResourcesCustomResourceFunctionRole173D7934",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TestCustomResourcesManageIoTRoleAlias2A7EDE79": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "ManageIoTRoleAlias",
"RoleAliasName": "mock-iot-role-alias-name",
"RoleArn": "arn:of:iot:credentials:role",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesPolicyPrincipalAttachmentA1D6F59A": Object {
"Properties": Object {
"PolicyName": "mock-iot-policy-name",
"Principal": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCreateGreengrassInstallationScriptsB272BC9A",
"CertificateArn",
],
},
},
"Type": "AWS::IoT::PolicyPrincipalAttachment",
},
"TestCustomResourcesSendAnonymousMetricsF6400FC2": Object {
"Condition": "TestCondition",
"DeletionPolicy": "Delete",
"Properties": Object {
"ExistingKinesisStream": "",
"ExistingTimestreamDatabase": "Existing",
"Resource": "SendAnonymousMetrics",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
"SolutionUUID": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesUUID15254492",
"UUID",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesUUID15254492": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "CreateUUID",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
},
}
`;
exports[`M2C2 setup UI custom resource test 1`] = `
Object {
"Resources": Object {
"TestCustomResourcesCopyUiAssets99691241": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"DestinationBucket": "test-ui-bucket",
"ManifestFile": "manifest.json",
"Resource": "CopyUIAssets",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
"SourceBucket": "test-bucket-region",
"SourcePrefix": "v0.0.1-test/machine-to-cloud-connectivity-framework",
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesCreateUiConfigE2FF7D36": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"ApiEndpoint": "https://mock-api.com",
"ConfigFileName": "aws-exports.js",
"DestinationBucket": "test-ui-bucket",
"IdentityPoolId": "mock-identity-pool-id",
"LoggingLevel": "ERROR",
"Resource": "CreateUIConfig",
"S3Bucket": "test-greengrass-bucket",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
"UserPoolId": "mock-user-pool-id",
"WebClientId": "mock-user-pool-web-client-id",
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesCustomResourceFunctionCFD154D8": Object {
"DependsOn": Array [
"TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09",
"TestCustomResourcesCustomResourceFunctionRole173D7934",
],
"Properties": Object {
"Code": Object {
"S3Bucket": "test-bucket-region",
"S3Key": "v0.0.1-test/machine-to-cloud-connectivity-framework/custom-resource.zip",
},
"Description": "Machine to Cloud Connectivity custom resource function",
"Environment": Object {
"Variables": Object {
"LOGGING_LEVEL": "ERROR",
"SOLUTION_ID": "SO0070-Test",
"SOLUTION_VERSION": "v0.0.1-test",
},
},
"Handler": "custom-resource/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionRole173D7934",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 240,
},
"Type": "AWS::Lambda::Function",
},
"TestCustomResourcesCustomResourceFunctionRole173D7934": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W11",
"reason": "IoT actions cannot specify the resource.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "*",
"Effect": "Allow",
"Resource": "logs:*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"iot:CreateKeysAndCertificate",
"iot:DescribeEndpoint",
"iot:UpdateCertificate",
"iot:UpdateThingShadow",
"iot:DeleteCertificate",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"iot:CreateRoleAlias",
"iot:DeleteRoleAlias",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":rolealias/*",
],
],
},
},
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "GreengrassIoTPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:List*",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:Delete*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:s3:::",
Object {
"Ref": "AWS::StackName",
},
"*",
],
],
},
},
Object {
"Action": Array [
"timestream:DescribeEndpoints",
"timestream:ListTables",
"timestream:DescribeTable",
"timestream:DeleteTable",
"timestream:DeleteDatabase",
"timestream:DescribeDatabase",
],
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "TeardownPolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-bucket-region",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-bucket-region/v0.0.1-test/machine-to-cloud-connectivity-framework/*",
],
],
},
],
},
Object {
"Action": Array [
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:Abort*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::test-ui-bucket/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "TestCustomResourcesCustomResourceFunctionRoleDefaultPolicy6353EA09",
"Roles": Array [
Object {
"Ref": "TestCustomResourcesCustomResourceFunctionRole173D7934",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TestCustomResourcesDescribeIoTEndpoint8E27194B": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "DescribeIoTEndpoint",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesSendAnonymousMetricsF6400FC2": Object {
"Condition": "TestCondition",
"DeletionPolicy": "Delete",
"Properties": Object {
"ExistingKinesisStream": "Existing",
"ExistingTimestreamDatabase": "",
"Resource": "SendAnonymousMetrics",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
"SolutionUUID": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesUUID15254492",
"UUID",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TestCustomResourcesUUID15254492": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "CreateUUID",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"TestCustomResourcesCustomResourceFunctionCFD154D8",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
},
}
`;