// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`M2C2 greengrass resource creation test 1`] = ` Object { "Resources": Object { "TestGreengrassGreengrassIoTPolicy448C7F58": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W39", "reason": "The * resource for Greengrass actions is the minimum requirement.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "greengrass:GetComponentVersionArtifact", "greengrass:ResolveComponentCandidates", "greengrass:GetDeploymentConfiguration", "greengrass:ListThingGroupsForCoreDevice", "greengrass:PutCertificateAuthorities", "greengrass:VerifyClientDeviceIdentity", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "greengrass:VerifyClientDeviceIoTCertificateAssociation", "greengrass:Discover", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*", ], ], }, }, Object { "Action": Array [ "greengrass:GetConnectivityInfo", "greengrass:UpdateConnectivityInfo", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":greengrass:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":/greengrass/things/*", ], ], }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IoT::Policy", }, "TestGreengrassGreengrassResourceBucketB85DC1F7": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketEncryption": Object { "ServerSideEncryptionConfiguration": Array [ Object { "ServerSideEncryptionByDefault": Object { "SSEAlgorithm": "AES256", }, }, ], }, "BucketName": Object { "Fn::Join": Array [ "", Array [ Object { "Ref": "AWS::StackName", }, "-", Object { "Ref": "AWS::AccountId", }, "-gg", ], ], }, "LoggingConfiguration": Object { "LogFilePrefix": "m2c2/", }, "PublicAccessBlockConfiguration": Object { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true, }, }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "TestGreengrassGreengrassResourceBucketPolicy7016D610": Object { "Properties": Object { "Bucket": Object { "Ref": "TestGreengrassGreengrassResourceBucketB85DC1F7", }, "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:*", "Condition": Object { "Bool": Object { "aws:SecureTransport": "false", }, }, "Effect": "Deny", "Principal": Object { "AWS": "*", }, "Resource": Array [ Object { "Fn::GetAtt": Array [ "TestGreengrassGreengrassResourceBucketB85DC1F7", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "TestGreengrassGreengrassResourceBucketB85DC1F7", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, }, "Type": "AWS::S3::BucketPolicy", }, "TestGreengrassIoTCredentialsRoleC2F465F7": Object { "Metadata": Object { "cdk_nag": Object { "rules_to_suppress": Array [ Object { "id": "AwsSolutions-IAM5", "reason": "The * action/resource is required to control Greengrass resources fully. The * resource is required for iotsitewise:BatchPutAssetPropertyValue for Greengrass v2.", }, ], }, "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "F3", "reason": "The * action is required to control Greengrass resources fully.", }, Object { "id": "W11", "reason": "The * resource is required to control Greengrass resources fully and iotsitewise:BatchPutAssetPropertyValue actions for Greengrass v2.", }, ], }, }, "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "credentials.iot.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": Array [ Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":logs:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":log-group:/aws/greengrass/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "CloudWatchPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "greengrass:*", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "GreengrassPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "iot:GetThingShadow", "iot:UpdateThingShadow", "iot:DeleteThingShadow", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/GG_*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*-gcm", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*-gda", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*-gci", ], ], }, ], }, Object { "Action": "iot:Publish", "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/info/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/error/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/data/*", ], ], }, ], }, Object { "Action": "iot:DescribeThing", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "IoTPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "iotsitewise:BatchPutAssetPropertyValue", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "IoTSiteWisePolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "kinesis:PutRecords", "kinesis:PutRecord", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kinesis:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":stream/TestStream", ], ], }, "arn:of:timestream:kinesis:stream", ], }, ], "Version": "2012-10-17", }, "PolicyName": "KinesisPolicy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "s3:GetBucketLocation", "s3:GetObject", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::GetAtt": Array [ "TestGreengrassGreengrassResourceBucketB85DC1F7", "Arn", ], }, Object { "Fn::Join": Array [ "", Array [ Object { "Fn::GetAtt": Array [ "TestGreengrassGreengrassResourceBucketB85DC1F7", "Arn", ], }, "/*", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "S3Policy", }, Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "secretsmanager:GetSecretValue", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":secretsmanager:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":secret:m2c2-*", ], ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "SecretsManagerPolicy", }, ], }, "Type": "AWS::IAM::Role", }, "TestGreengrassIoTPolicyE612A24A": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W39", "reason": "The * resource for iot:Connect is required for the solution.", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "iot:Connect", "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "iot:GetThingShadow", "iot:UpdateThingShadow", "iot:DeleteThingShadow", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":thing/*", ], ], }, }, Object { "Action": Array [ "iot:Publish", "iot:Receive", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/$aws/things/*/greengrass/health/json", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/$aws/things/*/greengrassv2/health/json", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/job/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/info/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/error/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/m2c2/data/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/$aws/things/*/jobs/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/$aws/things/*/shadow/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/$aws/sitewise/gateways/*/diagnostics", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/$aws/sitewise/things/*/connectors/*/configuration/*", ], ], }, ], }, Object { "Action": "iot:Subscribe", "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topicfilter/m2c2/job/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topicfilter/$aws/things/*/jobs/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topicfilter/$aws/things/*/shadow/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topicfilter/$aws/sitewise/gateways/*/diagnostics", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topicfilter/$aws/sitewise/things/*/connectors/*/configuration/*", ], ], }, ], }, Object { "Action": "iot:AssumeRoleWithCertificate", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iot:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":rolealias/m2c2-role-alias-test-uuid", ], ], }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IoT::Policy", }, "TestGreengrassTeardownGreengrassResourcesBucket94AE96EB": Object { "Condition": "TestCondition", "DeletionPolicy": "Delete", "Properties": Object { "BucketName": Object { "Ref": "TestGreengrassGreengrassResourceBucketB85DC1F7", }, "Resource": "DeleteS3Bucket", "ServiceToken": "test-arn", }, "Type": "AWS::CloudFormation::CustomResource", "UpdateReplacePolicy": "Delete", }, "TestLoggingBucket": Object { "DeletionPolicy": "Retain", "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, }, } `;