// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`M2C2 data stream test 1`] = ` Object { "Resources": Object { "TestKinesisDataStreamKinesisFirehoseToS3KinesisFirehose65C9C06A": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "DeliveryStreamType": "KinesisStreamAsSource", "ExtendedS3DestinationConfiguration": Object { "BucketARN": Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E", "Arn", ], }, "BufferingHints": Object { "IntervalInSeconds": 300, "SizeInMBs": 5, }, "CloudWatchLoggingOptions": Object { "Enabled": true, "LogGroupName": Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3firehoseloggroup044C9C02", }, "LogStreamName": Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3firehoseloggroupfirehoselogstream1435D54F", }, }, "CompressionFormat": "GZIP", "EncryptionConfiguration": Object { "KMSEncryptionConfig": Object { "AWSKMSKeyARN": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kms:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":alias/aws/s3", ], ], }, }, }, "RoleARN": Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisFirehoseToS3KinesisFirehoseRoleB8514A3C", "Arn", ], }, }, "KinesisStreamSourceConfiguration": Object { "KinesisStreamARN": Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisStream0CE70927", "Arn", ], }, "RoleARN": Object { "Fn::GetAtt": Array [ "TestKinesisKinesisStreamsRoleDDF9DCCB", "Arn", ], }, }, }, "Type": "AWS::KinesisFirehose::DeliveryStream", }, "TestKinesisDataStreamKinesisFirehoseToS3KinesisFirehosePolicy965E5D12": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E", "Arn", ], }, "/*", ], ], }, ], }, Object { "Action": "logs:PutLogEvents", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:", Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3firehoseloggroup044C9C02", }, ":log-stream:", Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3firehoseloggroupfirehoselogstream1435D54F", }, ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestKinesisDataStreamKinesisFirehoseToS3KinesisFirehosePolicy965E5D12", "Roles": Array [ Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3KinesisFirehoseRoleB8514A3C", }, ], }, "Type": "AWS::IAM::Policy", }, "TestKinesisDataStreamKinesisFirehoseToS3KinesisFirehoseRoleB8514A3C": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "firehose.amazonaws.com", }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "BucketEncryption": Object { "ServerSideEncryptionConfiguration": Array [ Object { "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "AES256", }, }, ], }, "BucketName": Object { "Fn::Join": Array [ "", Array [ Object { "Ref": "AWS::StackName", }, "-", Object { "Ref": "AWS::AccountId", }, "-kds", ], ], }, "LifecycleConfiguration": Object { "Rules": Array [ Object { "NoncurrentVersionTransitions": Array [ Object { "StorageClass": "GLACIER", "TransitionInDays": 90, }, ], "Status": "Enabled", }, ], }, "LoggingConfiguration": Object { "DestinationBucketName": Object { "Ref": "TestLoggingBucket", }, "LogFilePrefix": "m2c2data/", }, "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, "VersioningConfiguration": Object { "Status": "Enabled", }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "TestKinesisDataStreamKinesisFirehoseToS3S3BucketPolicy54723E0B": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "Bucket": Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E", }, "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:*", "Condition": Object { "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": Object { "AWS": "*", }, "Resource": Array [ Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "TestKinesisDataStreamKinesisFirehoseToS3firehoseloggroup044C9C02": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W86", "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", }, Object { "id": "W84", "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", }, ], }, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, "TestKinesisDataStreamKinesisFirehoseToS3firehoseloggroupfirehoselogstream1435D54F": Object { "DeletionPolicy": "Retain", "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "LogGroupName": Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3firehoseloggroup044C9C02", }, }, "Type": "AWS::Logs::LogStream", "UpdateReplacePolicy": "Retain", }, "TestKinesisDataStreamKinesisStream0CE70927": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "RetentionPeriodHours": 24, "ShardCount": 1, "StreamEncryption": Object { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis", }, "StreamModeDetails": Object { "StreamMode": "PROVISIONED", }, }, "Type": "AWS::Kinesis::Stream", }, "TestKinesisDataStreamKinesisStreamGetRecordsIteratorAgeAlarm7A8DFE52": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "EvaluationPeriods": 1, "MetricName": "GetRecords.IteratorAgeMilliseconds", "Namespace": "AWS/Kinesis", "Period": 300, "Statistic": "Maximum", "Threshold": 2592000, }, "Type": "AWS::CloudWatch::Alarm", }, "TestKinesisDataStreamKinesisStreamReadProvisionedThroughputExceededAlarm466027EF": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "It specifies a bucket, so it is not a wildcard permission.", }, Object { "id": "AwsSolutions-KDF1", "reason": "The data stream is encrypted.", }, ], }, }, "Properties": Object { "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", "ComparisonOperator": "GreaterThanThreshold", "EvaluationPeriods": 1, "MetricName": "ReadProvisionedThroughputExceeded", "Namespace": "AWS/Kinesis", "Period": 300, "Statistic": "Average", "Threshold": 0, }, "Type": "AWS::CloudWatch::Alarm", }, "TestKinesisKinesisStreamsRoleDDF9DCCB": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "firehose.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "kinesis:DescribeStream", "kinesis:GetShardIterator", "kinesis:GetRecords", "kinesis:ListShards", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestKinesisDataStreamKinesisStream0CE70927", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "KinesisStreamsRoleRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestKinesisTeardownKinesisBucketD269F9E0": Object { "Condition": "TestCondition", "DeletionPolicy": "Delete", "Properties": Object { "BucketName": Object { "Ref": "TestKinesisDataStreamKinesisFirehoseToS3S3BucketBAAD035E", }, "Resource": "DeleteS3Bucket", "ServiceToken": "", }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "TestLoggingBucket": Object { "DeletionPolicy": "Retain", "Properties": Object { "AccessControl": "LogDeliveryWrite", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, }, } `;